[critical security issue] Sanitizing options for custom headers

If I set the header of the resource like first image,
when end users use a query, they can see this response in the developer tools.

The "Authorization" header is sanitized, but others are completely exposed.
This is a very dangerous security issue.

Many APIs use authentication via custom headers.
Please provide a sanitizing option for custom headers.

1 Like