-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[HttpClientFactory] Do not log query string by default #103769
Conversation
Tagging subscribers to this area: @dotnet/ncl |
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
Co-authored-by: Miha Zupan <[email protected]>
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingScopeHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
...osoft.Extensions.Http/tests/Microsoft.Extensions.Http.Tests/Logging/LoggingUriOutputTests.cs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See comments above
We don't want to expose a programmatic option for this on HttpClientFactoryOptions or somewhere similar? |
We weren't able to agree on an API for this an related requests, like support for Many customers (including our first-parties) would find the usability of a HttpClientFactory-scoped Uri-redaction API limited. In order to deliver a consistent solution for all the requests in the telemetry space, we decided to push this out to .NET 10. |
…ent variable for the fallback switch
...nsions.Http/tests/Microsoft.Extensions.Http.Tests/Logging/RedactedLogValueIntegrationTest.cs
Show resolved
Hide resolved
src/libraries/Microsoft.Extensions.Http/src/Logging/LogHelper.cs
Outdated
Show resolved
Hide resolved
- Use a shared switch to opt-out from redaction entirely (System.Net.Http.DisableUriRedaction) - Simplify and optimize redaction logic, always omit Fragment when redacting - Adjust and consolidate tests
@CarnaViire @MihaZupan with e557330, this is ready for review again. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
src/libraries/Microsoft.Extensions.Http/src/Logging/LogHelper.cs
Outdated
Show resolved
Hide resolved
src/libraries/Microsoft.Extensions.Http/src/Logging/LogHelper.cs
Outdated
Show resolved
Hide resolved
The |
Add the following standard tags to the HTTP Request Activities started in DelegatingHandler: http.request.method http.request.method_original server.address server.port url.full error.type http.response.status_code network.protocol.version Just like in #103769, url.full is being redacted by removing UserInfo and the query string, while exposing a System.Net.Http.DisableQueryRedaction switch for opting-out from the latter.
Breaking change issue is created for this: dotnet/docs#42792 |
Since query strings often contain sensitive information, we decided to avoid including them in HttpClientFactory logs by default. For use-cases where logging query string is necessary and safe, query string logging can be turned on globally by an AppContext switch
System.Net.Http.DisableUriRedaction
.In .NET 10 we plan to support more sophisticated redaction scenarios.