From cc97142c9106f1c830dd2f57d3bf7d8bf831b0c5 Mon Sep 17 00:00:00 2001
From: 0AyanamiRei <3244156674@qq.com>
Date: Wed, 11 Feb 2026 08:00:43 +0800
Subject: [PATCH 1/2] hidden the token info in http headers

---
 be/src/http/http_request.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/be/src/http/http_request.cpp b/be/src/http/http_request.cpp
index d077b9a543dadb..663e35152acc2a 100644
--- a/be/src/http/http_request.cpp
+++ b/be/src/http/http_request.cpp
@@ -37,6 +37,13 @@ namespace doris {
 
 static std::string s_empty = "";
 
+// Helper function to check if a header should be masked in logs
+static bool is_sensitive_header(const std::string& header_name) {
+    return iequal(header_name, HttpHeaders::AUTHORIZATION) ||
+           iequal(header_name, HttpHeaders::PROXY_AUTHORIZATION) ||
+           iequal(header_name, "token") || iequal(header_name, HttpHeaders::AUTH_TOKEN);
+}
+
 HttpRequest::HttpRequest(evhttp_request* evhttp_request) : _ev_req(evhttp_request) {}
 
 HttpRequest::~HttpRequest() {
@@ -88,8 +95,7 @@ std::string HttpRequest::debug_string() const {
        << "raw_path:" << _raw_path << "\n"
        << "headers: \n";
     for (auto& iter : _headers) {
-        if (iequal(iter.first, HttpHeaders::AUTHORIZATION) ||
-            iequal(iter.first, HttpHeaders::PROXY_AUTHORIZATION)) {
+        if (is_sensitive_header(iter.first)) {
             ss << "key=" << iter.first << ", value=***MASKED***\n";
         } else {
             ss << "key=" << iter.first << ", value=" << iter.second << "\n";
@@ -123,8 +129,7 @@ std::string HttpRequest::get_all_headers() const {
     std::stringstream headers;
     for (const auto& header : _headers) {
         // Mask sensitive headers
-        if (iequal(header.first, HttpHeaders::AUTHORIZATION) ||
-            iequal(header.first, HttpHeaders::PROXY_AUTHORIZATION)) {
+        if (is_sensitive_header(header.first)) {
             headers << header.first << ":***MASKED***, ";
         } else {
             headers << header.first << ":" << header.second + ", ";

From d7415bea12f42443a103df8e3b6cd74d043e6526 Mon Sep 17 00:00:00 2001
From: 0AyanamiRei <3244156674@qq.com>
Date: Wed, 11 Feb 2026 08:04:54 +0800
Subject: [PATCH 2/2] f

---
 be/src/http/http_request.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/be/src/http/http_request.cpp b/be/src/http/http_request.cpp
index 663e35152acc2a..7478e0d1f41458 100644
--- a/be/src/http/http_request.cpp
+++ b/be/src/http/http_request.cpp
@@ -40,8 +40,8 @@ static std::string s_empty = "";
 // Helper function to check if a header should be masked in logs
 static bool is_sensitive_header(const std::string& header_name) {
     return iequal(header_name, HttpHeaders::AUTHORIZATION) ||
-           iequal(header_name, HttpHeaders::PROXY_AUTHORIZATION) ||
-           iequal(header_name, "token") || iequal(header_name, HttpHeaders::AUTH_TOKEN);
+           iequal(header_name, HttpHeaders::PROXY_AUTHORIZATION) || iequal(header_name, "token") ||
+           iequal(header_name, HttpHeaders::AUTH_TOKEN);
 }
 
 HttpRequest::HttpRequest(evhttp_request* evhttp_request) : _ev_req(evhttp_request) {}