Jitsi logs user-identifiable JWT token

[mfts]

Description:

I have noticed that Jitsi logs the room name and the JWT token if that authentication method is chosen. It would be possible to impersonate a user if someone else can get access to this information. I would like to remove it altogether from my logs.

Is there a way to remove the logging of this sensitive information?

2020-09-15 10:57:32 | 172.20.0.1 - - [15/Sep/2020:09:57:32 +0200] "POST /http-bind?room=<ROOM NAME HERE>&token=<TOKEN HERE> HTTP/1.0" 200 318 "-" "Jitsi%20Meet/4 CFNetwork/1128.0.1 Darwin/19.6.0"

Steps to reproduce:

Regular Jitsi Meet Docker instance
These are the logs of the web container. I'm sure there are similar logs in the Jitsi Meet from source.

Server information:

• Jitsi Meet version: stable-4857
• Operating System: Debian10

Additional information:

[saghul]

I think this would help: #434

[mfts]

Yes that'll do it, thanks! That PR would be a great addition to the flexibility of the docker setup.

For now, I've configured it manually for my needs and I will close this issue.