feat(header): make HeaderValue::set_sensitive const

archer-321 · archer-321 · commit c8379958eaa3 · 2025-12-19T19:15:24.000+01:00
Some applications like OAuth clients for GitHub or Forgejo are forced to embed a client password into the application, even if the client is considered public. Make `HeaderValue::set_sensitive` available in const contexts to allow applications to mark embedded headers as sensitive. Warn developers in `set_sensitive`'s documentation that embedded secrets are trivial to dump and should not be considered secure. Closes: #807
diff --git a/src/header/value.rs b/src/header/value.rs
@@ -298,6 +298,11 @@ impl HeaderValue {
 
     /// Mark that the header value represents sensitive information.
     ///
+    /// This method is `const` to allow marking constants created with
+    /// [`HeaderValue::from_static`] as sensitive. Note that sensitive values
+    /// that are embedded into an application are trivial to dump and cannot be
+    /// considered secure.
+    ///
     /// # Examples
     ///
     /// ```
@@ -311,7 +316,7 @@ impl HeaderValue {
     /// assert!(!val.is_sensitive());
     /// ```
     #[inline]
-    pub fn set_sensitive(&mut self, val: bool) {
+    pub const fn set_sensitive(&mut self, val: bool) {
         self.is_sensitive = val;
     }
 
