Automatically remove 'authorization' headers from requests in RestError

lib/restError.ts

@@ -24,6 +24,10 @@ export class RestError extends Error implements RestErrorProperties {
       this.code = properties.code;
       this.statusCode = properties.statusCode;
       this.request = properties.request;
+      if (this.request && this.request.headers.contains("authorization")) {
+        this.request = this.request.clone();
+        this.request.headers.remove("authorization");
+      }
       this.response = properties.response;
       this.body = properties.body;
     }

test/shared/restErrorTests.ts

@@ -0,0 +1,31 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+import * as assert from "assert";
+import { HttpMethod, HttpRequest, RestError } from "../../lib/msRest";
+
+describe("RestError", () => {
+  describe("constructor", () => {
+    it("should not strip authorization header in request when header doesn't exist", () => {
+      const request = new HttpRequest({
+        method: HttpMethod.GET,
+        url: "www.example.com",
+        headers: { "a": "A" }
+      });
+
+      const restError = new RestError("error message", { request: request });
+      assert.strictEqual(restError.request, request);
+    });
+
+    it("should strip authorization header in request", () => {
+      const request = new HttpRequest({
+        method: HttpMethod.GET,
+        url: "www.example.com",
+        headers: { "authorization": "remove me!", "a": "A" }
+      });
+
+      const restError = new RestError("error message", { request: request });
+      assert.notStrictEqual(restError.request, request);
+      assert.deepEqual(restError.request!.headers.headersArray(), [{ name: "a", value: "A" }]);
+    });
+  });
+});