Updates sample config with sensitive auth headers

davelopez · davelopez · commit 54553038fbb8 · 2025-10-28T13:54:02.000+01:00
Adds common authentication-related headers (Authorization, X-Auth-Token, X-API-Key) to the default sensitive list for HTTPS URLs in the sample configuration. This provides a more secure default example for users, preventing accidental exposure of sensitive credentials.

Includes a new comment advising users to only employ the minimum necessary configuration for their specific needs, reinforcing security best practices.
diff --git a/lib/galaxy/config/sample/url_headers_conf.yml.sample b/lib/galaxy/config/sample/url_headers_conf.yml.sample
@@ -26,6 +26,7 @@
 # Security: If ANY matching pattern marks a header as sensitive, it will be
 # treated as sensitive (secure-by-default).
 #
+# The following examples are for illustration purposes only; please use only the minimum configuration for your needs.
 # Examples:
 
 patterns:
@@ -90,6 +91,12 @@ patterns:
   # HTTPS URLs - basic headers only (most restrictive for unknown sources)
   - url_pattern: "^https://.*"
     headers:
+      - name: Authorization
+        sensitive: true
+      - name: X-Auth-Token
+        sensitive: true
+      - name: X-API-Key
+        sensitive: true
       - name: Accept
         sensitive: false
       - name: Accept-Language
