From a73a7ab1933ddb7d17bd6166be5bd3bc5d055781 Mon Sep 17 00:00:00 2001
From: Unrud
Date: Mon, 14 Aug 2017 18:16:46 +0200
Subject: [PATCH] Remove cookies from logging output

HTTP cookies are shared across all ports on a host. The log might contain session ids or CSRF tokens from other applications on the same host.
---
 radicale/__init__.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/radicale/__init__.py b/radicale/__init__.py
index edd75005..765c9a24 100644
--- radicale/__init__.py
+++ b/radicale/__init__.py
@@ -250,6 +250,8 @@ class Application:
 authorization = request_environ.get("HTTP_AUTHORIZATION", "")
 if mask_passwords and authorization.startswith("Basic"):
 request_environ["HTTP_AUTHORIZATION"] = "Basic **masked**"
+if request_environ.get("HTTP_COOKIE"):
+request_environ["HTTP_COOKIE"] = "**masked**"
 return request_environ
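Review bot: The new `HTTP_COOKIE` branch masks unconditionally, while the `HTTP_AUTHORIZATION` branch directly above it is gated on `mask_passwords`, and nothing in the code says the difference is deliberate. Always masking is the safer default, given the commit message's point that cookies may belong to other applications on the host. A comment above the new `if` would stop a later change from tying it to the option, for example `# Always mask cookies: they are host-wide and may carry other applications' session ids or CSRF tokens`. The function starts outside this hunk, so it is not visible whether `request_environ` is a copy of the WSGI environ. If it is the live dict, the overwrite would also change what request handling sees, so that is worth confirming. A small test asserting that a logged environ with a cookie shows `**masked**` would pin the behaviour.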