-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LoggingScopeHttpMessageHandler should not log unredacted Uri #74339
Comments
Tagging subscribers to this area: @dotnet/ncl Issue DetailsDescriptionLoggingScopeHttpMessageHandler logs HttpMethod and Uri here. While Reproduction StepsUse HttpClient to Send a request:
Expected behaviorEither of those:
Actual behaviorILogger's scope contains this:
where 12345 is my privacy information Regression?No response Known WorkaroundsThe only way is ConfigurationNo response Other informationNo response
|
Thank you @evgenyfedorov2 |
Duplicate of #68675 |
Hey @CarnaViire, isn't #68675 only about query parameters? |
@xakep139 oh right, thanks for pointing that out. But let's gather all additional requirements in one place. |
Description
LoggingScopeHttpMessageHandler logs HttpMethod and Uri here. While
HttpMethod
is safe to log,Uri
is not, it often contains sensitive information which is a huge risk.Reproduction Steps
Use HttpClient to send a request:
Expected behavior
Either of those:
Actual behavior
ILogger's scope contains this:
where 12345 is my privacy information
Regression?
No response
Known Workarounds
The only way is
services.RemoveAll<IHttpMessageHandlerBuilderFilter>();
which is harsh. I need logging, but don't want to be exposed to a risk of leaking sensitive informationConfiguration
No response
Other information
No response
The text was updated successfully, but these errors were encountered: