@@ -18,6 +18,7 @@ import { fromFriendlyId } from "@trigger.dev/core/v3/isomorphic";
1818import { WORKER_HEADERS , type WorkerQueueClass } from "@trigger.dev/core/v3/workers" ;
1919import type { RuntimeEnvironment , WorkerInstanceGroup } from "@trigger.dev/database" ;
2020import { Prisma , WorkerInstanceGroupType } from "@trigger.dev/database" ;
21+ import { SENSITIVE_WORKER_HEADERS , sanitizeWorkerHeaders } from "./sanitizeWorkerHeaders" ;
2122import { createHash , timingSafeEqual } from "crypto" ;
2223import { customAlphabet } from "nanoid" ;
2324import { z } from "zod" ;
@@ -187,15 +188,13 @@ export class WorkerGroupTokenService extends WithRunEngine {
187188
188189 if ( a . byteLength !== b . byteLength ) {
189190 logger . error ( "[WorkerGroupTokenService] Managed secret length mismatch" , {
190- managedWorkerSecret,
191191 headers : this . sanitizeHeaders ( request ) ,
192192 } ) ;
193193 return ;
194194 }
195195
196196 if ( ! timingSafeEqual ( a , b ) ) {
197197 logger . error ( "[WorkerGroupTokenService] Managed secret mismatch" , {
198- managedWorkerSecret,
199198 headers : this . sanitizeHeaders ( request ) ,
200199 } ) ;
201200 return ;
@@ -317,16 +316,10 @@ export class WorkerGroupTokenService extends WithRunEngine {
317316 }
318317 }
319318
320- private sanitizeHeaders ( request : Request , skipHeaders = [ "authorization" ] ) {
321- const sanitizedHeaders : Partial < Record < string , string > > = { } ;
322-
323- for ( const [ key , value ] of request . headers . entries ( ) ) {
324- if ( ! skipHeaders . includes ( key . toLowerCase ( ) ) ) {
325- sanitizedHeaders [ key ] = value ;
326- }
327- }
328-
329- return sanitizedHeaders ;
319+ // Strip sensitive headers before logging request headers — see
320+ // `sanitizeWorkerHeaders`.
321+ private sanitizeHeaders ( request : Request , denylist = SENSITIVE_WORKER_HEADERS ) {
322+ return sanitizeWorkerHeaders ( request . headers , denylist ) ;
330323 }
331324}
332325
0 commit comments