httpx 1.6.2 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c039169fa319d4e42cff7cb34d8a9cc7fc571e62565f673c32436645780222c
-  data.tar.gz: 6affb65b4fa71aa813cffc498034e0c6a6609bcdb0fca9d0ae9df738d4786d1d
+  metadata.gz: 2af63a63fe08211db58764570618b2e7c234d3473a28fc1ad6f5a31c3d0fb13d
+  data.tar.gz: 6b2671b85ac69e4817b8b764dfdabf638dacf94cfdcab6c44627ad64a57bcb50
 SHA512:
-  metadata.gz: 21be43709d51f7c50d1624923bc1657c9f096b84686612ff70f660af320d71d94d28a52ccef05f27558d74f22e1fd307944ca8ddf8b6c74c0b322e83eaad9b19
-  data.tar.gz: c551d2b32a71c5bbf099283b3577abe80d5005f702af5edefb79f445296c37c8fb9afb3d52b18db254a0c4ddd115d5f45953549f9b3c99c90ff8b86aedd6cb91
+  metadata.gz: 50a2d2d3c0cb27f3bf84cc34553b06bd9fadf46ad789f9cfa08091cc458ac07751cb5593e01d242d88e444f10ac2b3014ea3e4e56f7c616ebc860517d08ef90d
+  data.tar.gz: 6b15f21262e85639c6d32b9851926d7e717b6f9bcbc226b9af3872d67461799fd24847a2d563dfbad1967d5349d371c18a1a6e1a28c721c5f33387f2fc1446a7

data/doc/release_notes/0_11_0.md

@@ -21,7 +21,7 @@ stub_http_request(:get, "https://www.google.com").and_return(status: 200, body:
 
 ```
 
-Read more about it in the [webmock integration documentation](https://os85.gitlab.io/httpx/wiki/Webmock-Adapter).
+Read more about it in the [webmock integration documentation](https://honeyryderchuck.gitlab.io/httpx/wiki/Webmock-Adapter).
 
 ### Datadog Adapter
 
@@ -40,7 +40,7 @@ A trace will be emitted for every request, so this should be an interesting visu
 
 Customization options and traces are similar to what [the net-http adapter provides](https://docs.datadoghq.com/tracing/setup_overview/setup/ruby/#nethttp).
 
-Read more about it in the [datadog integration documentation](https://os85.gitlab.io/httpx/wiki/Datadog-Adapter).
+Read more about it in the [datadog integration documentation](https://honeyryderchuck.gitlab.io/httpx/wiki/Datadog-Adapter).
 
 ## Improvements
 
@@ -52,7 +52,7 @@ Read more about it in the [datadog integration documentation](https://os85.gitla
 HTTPX.plugin(:multipart).post(uri, form: {file: File.new("path/to/file")})
 ```
 
-Read more about it in the [multipart plugin documentation](https://os85.gitlab.io/httpx/wiki/Multipart-Uploads), including also about why this was made.
+Read more about it in the [multipart plugin documentation](https://honeyryderchuck.gitlab.io/httpx/wiki/Multipart-Uploads), including also about why this was made.
 
 ### Expect Plugin
 

data/doc/release_notes/1_6_3.md

@@ -0,0 +1,47 @@
+# 1.6.3
+
+## Features
+
+* allow redacting only headers, or only the body, when using `debug_redact: :headers` or `debug_redact: :body` respectively.
+
+## Improvements
+
+* `system` resolver now works in a non-blocking manner, initiating the dns query in a separate thread and waiting on the pipe after that (it was blocking the main thread during resolution before).
+* reduce allocation to a single shared option object when headers are passed as a session-level option, like `HTTPX.with(headers: headers).get(...)`
+* favour using `String#replace` in buffer operations (instead of "clean-then-append").
+* using `Array#unshift` instead of `Array#concat` in order to ensure that request ordering is respected in the face of an in-between error which requires reconnect-and-resend.
+* replaced more internal callback indirection with plain method calls.
+
+
+## Bugfixes
+
+* https: prevent modification of the ssl context object when performing a reconnection.
+* compression: do not return early if the decompression buffer yields an empty string (more frequent under jruby 10).
+* response cache: take query params into account when caching or retrieving cached responses.
+* response cache: do not decompress cached responses on body consumption (the response bodies are cached in plaintext).
+* native resolver: pick next timeout associated with the hostname being resolved (and not the hostnames in the queue).
+* pool: assume that, even when signalled that a connection is available, context may be switched to a session which also checks the same connection out, before it's able to pick it up; in such a case, start from the beginning, until the pool timeout expires.
+* session: forego bookkeeping when a connection is coalesced (instead, allow it to be dropped).
+* digest_auth: make sure that an array is sent back if the probe response fails.
+* alt-svc: when alt-svc handshake happens with more in-flight requests, defer termination to when these requests are made.
+* http2: fix use of unexisting var `ex` when processing the connection closed callback.
+* connection: fix potential session dereferencing, which allowed connections to be used across sessions, therefore bypassing needed synchronization and leading to the `undefined method 'after' for nil:NilClass` error.
+* selector: close only selected connections (instead of all selectable connections) when an error occurs during IO readiness wait calls.
+* resolvers: correctly propagate abrupt termination errors to the connection objects waiting for the answer.
+* resolvers: when errors happenm force-close unresolved connections (and ensure they're both pinned to the corresponding session before the error happens, and are unpinned after error is propagated).
+* resolvers: ensure resolvers transition to "closed" state, on all cases, when any error happens.
+* resolvers: ensure that the next hostname is resolved when a timeout happens on the current one.
+* native resolver: fixed duplication of the hostname to resolve in the list of candidates.
+* https resolver: use a `system` resolver to resolve the DoH server hostname (instead of rerouting it to itself).
+* https resolver: skip loop error reporting when error happens outside of it.
+* https resolver: close connection on resolve errors, which prevents it from being around in the pool after termination; also deactivate it after successful use.
+* multi resolver: do not check resolvers back into the pool if it's a multi resolver and the peer is still resolving (and do the check outside of the critical area).
+* sentry adapter: removed usage of deprecated method which has been removed in sentry-ruby 6.0.0.
+* selector: when coalescing connections, pin the current session before merging connections, to prevent it from registering in a selector being used in a different thread, and inadvertedly allowing it to be used across threads.
+* session: fix: always pin connection before early-or-lazy resolution (fixes connection pool accounting under connection coalescing).
+
+## Chores
+
+* logging emits a timestamp as well (to monitor timeouts).
+* `:stream_bidi` plugin: extends HTTP2 module by using plugin extensions.
+* connection: remove session/selector references when closing a connection (prevents leaking them beyond the usage scope).

data/doc/release_notes/1_7_0.md

@@ -0,0 +1,149 @@
+# 1.7.0
+
+## Features
+
+### All AUTH plugin improvements!!
+
+#### `:auth`
+
+The `:auth` plugin can now be used with a dynamic callable object (methods, procs...) to generate the token.
+
+```ruby
+# static token, pre 1.7.0
+HTTPX.plugin(:auth).authorization("API-TOKEN")
+# dynamically generate token!
+HTTPX.plugin(:auth).authorization { generate_new_ephemeral_token }
+```
+
+The `.authorization` method is now syntactic sugar for a new option, `:auth_header_value`, which can be used directly, alongside a `:auth_header_type`:
+
+```ruby
+HTTPX.plugin(:auth).authorization("API-TOKEN")
+HTTPX.plugin(:auth).authorization { generate_new_ephemeral_token }
+HTTPX.plugin(:auth).authorization("Bearer API-TOKEN")
+# same as
+HTTPX.plugin(:auth, auth_header_value: "API-TOKEN")
+HTTPX.plugin(:auth, auth_header_value: -> { generate_new_ephemeral_token })
+HTTPX.plugin(:auth, auth_header_type: "Bearer", auth_header_value: "API-TOKEN")
+```
+
+A new option `:generate_auth_value_on_retry` (which can be passed a callable receiving a response object) is now available; when used alongside the `:retries` plugin, it'll use the callable passed to the `.authorization` method to generate a new token before retrying the request:
+
+```ruby
+authed = HTTPX.plugin(:retries).plugin(:auth, generate_auth_value_on_retry: ->(res) {
+  res.status == 401
+}).authorization { generate_new_ephemeral_token }
+authed.get("https://example.com")
+```
+
+Read more about it in the [auth plugin wiki](https://honeyryderchuck.gitlab.io/httpx/wiki/Auth).
+
+#### `:oauth`
+
+The `:oauth` plugin implementation was revamped to make use of the `:auth` plugin new functionality, in order to make managing an oauth session more seamless.
+
+Take the following example:
+
+```ruby
+session = HTTPX.plugin(:oauth).with_oauth_options(
+  issuer: server.origin,
+  client_id: "CLIENT_ID",
+  client_secret: "SECRET",
+)
+session.get("https://example.com") #=> will load server metadata, request an access token, and perform the request with the access token.
+# 2 hours later...
+session.get("https://example.com")
+# it'll reuse the same acces token, and if the request fails with 401, it'll request a new
+# access token using the refresh token grant (when supported by the token issuer), and
+# reperform the original request with the new access token.
+```
+
+A new option, `:oauth_options`, is now available. The same parameters previously supported by the `:oauth_session` options are supported.
+
+The following components are therefore deprecated and scheduled for removal in a future major version:
+
+* `:oauth_session` option
+* `.oauth_auth` session method
+* `.with_access_token` session method
+
+#### `:bearer_auth`, `:digest_auth`; `:ntlm_auth`
+
+The `:auth` plugin is now the foundation of each of these plugins, which haven't suffered major API changes.
+
+Read more about it in the [auth plugin wiki](https://honeyryderchuck.gitlab.io/httpx/wiki/OAuth).
+
+### `:retries` plugin: `:retry_after` backoff algorithms
+
+The `:retries` plugins supports two new possible values for the `:retry_after` option: `:exponential_backoff` and `:polynomial_backoff`. They'll implement the respective calculation per each retry of a given request.
+
+```ruby
+# will wait 1, 2, 4, 8, 16 seconds... depending of how many retries it can wait for
+session = HTTPX.plugin(:retries, retry_after: :exponential_backoff)
+```
+
+Read more about it in the [retries plugin wiki](https://honeyryderchuck.gitlab.io/httpx/wiki/Retries).
+
+### Ractor compatibility
+
+`httpx` can be used within a ractor:
+
+```ruby
+# ruby 4.0 syntax
+response = Ractor.new(uri) do |uri|
+  HTTPX.get(uri)
+end.value
+```
+
+Bear in mind that, if you're connection via HTTPS, you'll need make sure you're using version 4.0 or higher of the `openssl` gem.
+
+The test suite isn't exhaustive for ractors yet, but most plugins should also be ractor-compatible. If they don't work, that's a bug, and you're recommended to report it.
+
+## Improvements
+
+* When encoding the `:json` param to send it as `application/json` payload, (example: `HTTPX.post("https://example.com", json: { foo: "bar })`), and the method uses the `json` standard library, it'll use `JSON.generate` (instead of `JSON.dump`) to encode the JSON payload. The reason is that, unlike `JSON.dump`, it doesn't rely on access to a global mutable hash, and is therefore ractor-safe.
+* `:stream` plugin: the stream response class (the object that is returned in request calls is a stream response) can be extended now. You can add a `StreamResponseMethods` method to your plugin. Read more about it in the documentation.
+* The resolver name cache (used by the native and https resolvers) was remade into a LRU cache, and will therefore not keep on growing when `httpx` is used to connect to a huge number of hostnames in a process.
+* the native and https DNS resolvers will ignore answers with SERVFAIL code while there are retries left (some resolvers use such error code for rate limiting).
+* `:timeout` option values are now validated, and an error is raised when passing an unrecognized timeout option (which is a good layer of protection for typos).
+* pool: try passing the scheduler to a thread waiting on a connection, to avoid the current case where a connection may be checked-in-then-immediately-out-after when doing multiple requests in a loop, never giving a chance to others and potentially making the pool time out.
+* headers deep-freeze and dup.
+
+## Bugfixes
+
+* recover and close connection when an `IOError` is raised while waiting for IO readiness (could cause busy loops during HTTP/2 termination handshake).
+* `:stream_bidi` plugin: improve thread-safety of buffer operations when the session is used from multiple threads.
+* `:stream_bidi` plugin: added missing methods to signal in order to comply with the Selectable API (it was reported as raising `NoMethodError` under certain conditions).
+* `:stream_bidi` plugin: can support non-bidirectional stream requests using the same session.
+* `:stream` plugin: is now compatible with fiber scheduler engines (via the `:fiber_concurrency` plugin).
+* `:stream` plugin: make sure that stream long-running requests do not share the same connection as regular threads.
+* `:digest_auth` plugin: can now support qop values wrapped inside parentheses in the `www-authenticate` header (i.e. `qop="('auth',)"`).
+* https resolver: handle 3XX redirect responses in HTTP DNS queries.
+* https resolver: do not close HTTP connections whhich are shared across AAAA and A resolution paths when its in use by one of them.
+* fix access to private method from `http-2` which was made public in more recent versions, but not in older still-supported versions.
+* fixed resolver log message using a "connection" label.
+* `HTTPX::Response.copy_to` will explicitly close the response at the end; given that the body file can be moved as a result, there is no guarantee that the response is still usable, so might as well just close it altogether.
+* selector: avoid skipping persistent connections in the selector to deactivate due to iterate-and-modify.
+
+## Breaking Changes
+
+### `:digest_auth` error
+
+The main error class for the `:digest_auth` plugin has been moved to a different location. If you were rescuing the `HTTPX::Plugins::DigestAuth::DigestError` error, you should now point to the `HTTPX::Authentication::Digest::Error`.
+
+### `:stream` plugin: `build_request` should receive `stream: true` for stream requests
+
+In case you're building request objects before passing them to the session, you're now forced to create them with the `:stream` option on:
+
+```ruby
+session = HTTPX.plugin(:stream)
+
+# before
+req = session.build_request("GET", "https://example.com/stream")
+session.request(req, stream: true)
+
+# after
+req = session.build_request("GET", "https://example.com/stream", stream: true)
+session.request(req)
+```
+
+Previous code may still work in a few cases, but it is not guaranteed to work on all cases.

data/lib/httpx/adapters/datadog.rb

@@ -80,7 +80,7 @@ module Datadog::Tracing
             else
               span.set_tag(TAG_STATUS_CODE, response.status.to_s)
 
-              span.set_error(::HTTPX::HTTPError.new(response)) if response.status >= 400 && response.status <= 599
+              span.set_error(::HTTPX::HTTPError.new(response)) if response.status.between?(400, 599)
 
               span.set_tags(
                 Datadog.configuration.tracing.header_tags.response_tags(response.headers.to_h)

data/lib/httpx/adapters/faraday.rb

@@ -9,7 +9,7 @@ module Faraday
     class HTTPX < Faraday::Adapter
       def initialize(app = nil, opts = {}, &block)
         @connection = @bind = nil
-        super(app, opts, &block)
+        super
       end
 
       module RequestMixin

data/lib/httpx/adapters/sentry.rb

@@ -32,7 +32,7 @@ module HTTPX::Plugins
 
         return unless config.propagate_traces && config.trace_propagation_targets.any? { |target| url.match?(target) }
 
-        trace = ::Sentry.get_current_client.generate_sentry_trace(sentry_span)
+        trace = sentry_span.to_sentry_trace
         request.headers[::Sentry::SENTRY_TRACE_HEADER_NAME] = trace if trace
       end
 

data/lib/httpx/altsvc.rb

@@ -8,6 +8,8 @@ module HTTPX
     module ConnectionMixin
       using URIExtensions
 
+      H2_ALTSVC_SCHEMES = %w[https h2].freeze
+
       def send(request)
         request.headers["alt-used"] = @origin.authority if @parser && !@write_buffer.full? && match_altsvcs?(request.uri)
 
@@ -46,7 +48,7 @@ module HTTPX
         uri.origin == other_uri.origin || begin
           case uri.scheme
           when "h2"
-            (other_uri.scheme == "https" || other_uri.scheme == "h2") &&
+            H2_ALTSVC_SCHEMES.include?(other_uri.scheme) &&
               uri.host == other_uri.host &&
               uri.port == other_uri.port
           else

data/lib/httpx/connection/http1.rb

@@ -10,6 +10,11 @@ module HTTPX
     MAX_REQUESTS = 200
     CRLF = "\r\n"
 
+    UPCASED = {
+      "www-authenticate" => "WWW-Authenticate",
+      "http2-settings" => "HTTP2-Settings",
+      "content-md5" => "Content-MD5",
+    }.freeze
     attr_reader :pending, :requests
 
     attr_accessor :max_concurrent_requests
@@ -44,12 +49,12 @@ module HTTPX
       @max_requests = @options.max_requests || MAX_REQUESTS
       @parser.reset!
       @handshake_completed = false
-      @pending.concat(@requests) unless @requests.empty?
+      @pending.unshift(*@requests)
     end
 
     def close
       reset
-      emit(:close, true)
+      emit(:close)
     end
 
     def exhausted?
@@ -114,7 +119,7 @@ module HTTPX
                                                      @parser.http_version.join("."),
                                                      headers)
       log(color: :yellow) { "-> HEADLINE: #{response.status} HTTP/#{@parser.http_version.join(".")}" }
-      log(color: :yellow) { response.headers.each.map { |f, v| "-> HEADER: #{f}: #{log_redact(v)}" }.join("\n") }
+      log(color: :yellow) { response.headers.each.map { |f, v| "-> HEADER: #{f}: #{log_redact_headers(v)}" }.join("\n") }
 
       @request.response = response
       on_complete if response.finished?
@@ -126,7 +131,7 @@ module HTTPX
       response = @request.response
       log(level: 2) { "trailer headers received" }
 
-      log(color: :yellow) { h.each.map { |f, v| "-> HEADER: #{f}: #{log_redact(v.join(", "))}" }.join("\n") }
+      log(color: :yellow) { h.each.map { |f, v| "-> HEADER: #{f}: #{log_redact_headers(v.join(", "))}" }.join("\n") }
       response.merge_headers(h)
     end
 
@@ -136,7 +141,7 @@ module HTTPX
       return unless request
 
       log(color: :green) { "-> DATA: #{chunk.bytesize} bytes..." }
-      log(level: 2, color: :green) { "-> #{log_redact(chunk.inspect)}" }
+      log(level: 2, color: :green) { "-> #{log_redact_body(chunk.inspect)}" }
       response = request.response
 
       response << chunk
@@ -182,7 +187,7 @@ module HTTPX
       end
 
       if exhausted?
-        @pending.concat(@requests)
+        @pending.unshift(*@requests)
         @requests.clear
 
         emit(:exhausted)
@@ -236,7 +241,7 @@ module HTTPX
       when /keep-alive/i
         if @handshake_completed
           if @max_requests.zero?
-            @pending.concat(@requests)
+            @pending.unshift(*@requests)
             @requests.clear
             emit(:exhausted)
           end
@@ -360,7 +365,7 @@ module HTTPX
 
       while (chunk = request.drain_body)
         log(color: :green) { "<- DATA: #{chunk.bytesize} bytes..." }
-        log(level: 2, color: :green) { "<- #{log_redact(chunk.inspect)}" }
+        log(level: 2, color: :green) { "<- #{log_redact_body(chunk.inspect)}" }
         @buffer << chunk
         throw(:buffer_full, request) if @buffer.full?
       end
@@ -381,17 +386,11 @@ module HTTPX
     def join_headers2(headers)
       headers.each do |field, value|
         field = capitalized(field)
-        log(color: :yellow) { "<- HEADER: #{[field, log_redact(value)].join(": ")}" }
+        log(color: :yellow) { "<- HEADER: #{[field, log_redact_headers(value)].join(": ")}" }
         @buffer << "#{field}: #{value}#{CRLF}"
       end
     end
 
-    UPCASED = {
-      "www-authenticate" => "WWW-Authenticate",
-      "http2-settings" => "HTTP2-Settings",
-      "content-md5" => "Content-MD5",
-    }.freeze
-
     def capitalized(field)
       UPCASED[field] || field.split("-").map(&:capitalize).join("-")
     end

data/lib/httpx/connection/http2.rb

@@ -3,6 +3,8 @@
 require "securerandom"
 require "http/2"
 
+HTTP2::Connection.__send__(:public, :send_buffer) if HTTP2::VERSION < "1.1.1"
+
 module HTTPX
   class Connection::HTTP2
     include Callbacks
@@ -89,7 +91,7 @@ module HTTPX
         @connection.goaway
         emit(:timeout, @options.timeout[:close_handshake_timeout])
       end
-      emit(:close, true)
+      emit(:close)
     end
 
     def empty?
@@ -234,12 +236,12 @@ module HTTPX
       extra_headers = set_protocol_headers(request)
 
       if request.headers.key?("host")
-        log { "forbidden \"host\" header found (#{log_redact(request.headers["host"])}), will use it as authority..." }
+        log { "forbidden \"host\" header found (#{log_redact_headers(request.headers["host"])}), will use it as authority..." }
         extra_headers[":authority"] = request.headers["host"]
       end
 
       log(level: 1, color: :yellow) do
-        "\n#{request.headers.merge(extra_headers).each.map { |k, v| "#{stream.id}: -> HEADER: #{k}: #{log_redact(v)}" }.join("\n")}"
+        "\n#{request.headers.merge(extra_headers).each.map { |k, v| "#{stream.id}: -> HEADER: #{k}: #{log_redact_headers(v)}" }.join("\n")}"
       end
       stream.headers(request.headers.each(extra_headers), end_stream: request.body.empty?)
     end
@@ -251,7 +253,7 @@ module HTTPX
       end
 
       log(level: 1, color: :yellow) do
-        request.trailers.each.map { |k, v| "#{stream.id}: -> HEADER: #{k}: #{log_redact(v)}" }.join("\n")
+        request.trailers.each.map { |k, v| "#{stream.id}: -> HEADER: #{k}: #{log_redact_headers(v)}" }.join("\n")
       end
       stream.headers(request.trailers.each, end_stream: true)
     end
@@ -279,7 +281,7 @@ module HTTPX
 
     def send_chunk(request, stream, chunk, next_chunk)
       log(level: 1, color: :green) { "#{stream.id}: -> DATA: #{chunk.bytesize} bytes..." }
-      log(level: 2, color: :green) { "#{stream.id}: -> #{log_redact(chunk.inspect)}" }
+      log(level: 2, color: :green) { "#{stream.id}: -> #{log_redact_body(chunk.inspect)}" }
       stream.data(chunk, end_stream: end_stream?(request, next_chunk))
     end
 
@@ -300,7 +302,7 @@ module HTTPX
       end
 
       log(color: :yellow) do
-        h.map { |k, v| "#{stream.id}: <- HEADER: #{k}: #{log_redact(v)}" }.join("\n")
+        h.map { |k, v| "#{stream.id}: <- HEADER: #{k}: #{log_redact_headers(v)}" }.join("\n")
       end
       _, status = h.shift
       headers = request.options.headers_class.new(h)
@@ -313,14 +315,14 @@ module HTTPX
 
     def on_stream_trailers(stream, response, h)
       log(color: :yellow) do
-        h.map { |k, v| "#{stream.id}: <- HEADER: #{k}: #{log_redact(v)}" }.join("\n")
+        h.map { |k, v| "#{stream.id}: <- HEADER: #{k}: #{log_redact_headers(v)}" }.join("\n")
       end
       response.merge_headers(h)
     end
 
     def on_stream_data(stream, request, data)
       log(level: 1, color: :green) { "#{stream.id}: <- DATA: #{data.bytesize} bytes..." }
-      log(level: 2, color: :green) { "#{stream.id}: <- #{log_redact(data.inspect)}" }
+      log(level: 2, color: :green) { "#{stream.id}: <- #{log_redact_body(data.inspect)}" }
       request.response << data
     end
 
@@ -387,18 +389,17 @@ module HTTPX
           end
         else
           ex = GoawayError.new(error)
+          ex.set_backtrace(caller)
+
           @pending.unshift(*@streams.keys)
           teardown
-        end
 
-        if ex
-          ex.set_backtrace(caller)
           handle_error(ex)
         end
       end
       return unless is_connection_closed && @streams.empty?
 
-      emit(:close, is_connection_closed)
+      emit(:close) if is_connection_closed
     end
 
     def on_frame_sent(frame)
@@ -409,7 +410,7 @@ module HTTPX
           when :data
             frame.merge(payload: frame[:payload].bytesize)
           when :headers, :ping
-            frame.merge(payload: log_redact(frame[:payload]))
+            frame.merge(payload: log_redact_headers(frame[:payload]))
           else
             frame
           end
@@ -425,7 +426,7 @@ module HTTPX
           when :data
             frame.merge(payload: frame[:payload].bytesize)
           when :headers, :ping
-            frame.merge(payload: log_redact(frame[:payload]))
+            frame.merge(payload: log_redact_headers(frame[:payload]))
           else
             frame
           end
@@ -435,7 +436,7 @@ module HTTPX
 
     def on_altsvc(origin, frame)
       log(level: 2) { "#{frame[:stream]}: altsvc frame was received" }
-      log(level: 2) { "#{frame[:stream]}: #{log_redact(frame.inspect)}" }
+      log(level: 2) { "#{frame[:stream]}: #{log_redact_headers(frame.inspect)}" }
       alt_origin = URI.parse("#{frame[:proto]}://#{frame[:host]}:#{frame[:port]}")
       params = { "ma" => frame[:max_age] }
       emit(:altsvc, origin, alt_origin, origin, params)