[HttpClientFactory] Do not log query string by default#103769
Merged
antonfirsov merged 21 commits intodotnet:mainfrom Jul 4, 2024
Merged
[HttpClientFactory] Do not log query string by default#103769antonfirsov merged 21 commits intodotnet:mainfrom
antonfirsov merged 21 commits intodotnet:mainfrom
Conversation
antonfirsov
added
breaking-change
Contributor
|
Tagging subscribers to this area: @dotnet/ncl |
antonfirsov
commented
Jun 20, 2024
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
antonfirsov
commented
Jun 20, 2024
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
MihaZupan
reviewed
Jun 20, 2024
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
This was referenced Jun 20, 2024
Open
Closed
Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com>
This was referenced Jun 21, 2024
Build failure: Static graph-based restore failed with exit code .* but did not log an error.
#103526
Closed
CarnaViire
reviewed
Jun 21, 2024
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingScopeHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
CarnaViire
reviewed
Jun 21, 2024
src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingHttpMessageHandler.cs
Outdated
Show resolved
Hide resolved
CarnaViire
reviewed
Jun 21, 2024
...osoft.Extensions.Http/tests/Microsoft.Extensions.Http.Tests/Logging/LoggingUriOutputTests.cs
Outdated
Show resolved
Hide resolved
Member
|
We don't want to expose a programmatic option for this on HttpClientFactoryOptions or somewhere similar? |
Contributor
Author
We weren't able to agree on an API for this an related requests, like support for Many customers (including our first-parties) would find the usability of a HttpClientFactory-scoped Uri-redaction API limited. In order to deliver a consistent solution for all the requests in the telemetry space, we decided to push this out to .NET 10. |
…ent variable for the fallback switch
CarnaViire
reviewed
Jun 21, 2024
...nsions.Http/tests/Microsoft.Extensions.Http.Tests/Logging/RedactedLogValueIntegrationTest.cs
Show resolved
Hide resolved
antonfirsov
removed
the
NO-MERGE
CarnaViire
reviewed
Jul 1, 2024
MihaZupan
reviewed
Jul 2, 2024
src/libraries/Microsoft.Extensions.Http/src/Logging/LogHelper.cs
Outdated
Show resolved
Hide resolved
- Use a shared switch to opt-out from redaction entirely (System.Net.Http.DisableUriRedaction) - Simplify and optimize redaction logic, always omit Fragment when redacting - Adjust and consolidate tests
Contributor
Author
|
@CarnaViire @MihaZupan with e557330, this is ready for review again. |
MihaZupan
approved these changes
Jul 3, 2024
src/libraries/Microsoft.Extensions.Http/src/Logging/LogHelper.cs
Outdated
Show resolved
Hide resolved
src/libraries/Microsoft.Extensions.Http/src/Logging/LogHelper.cs
Outdated
Show resolved
Hide resolved
Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com>
Contributor
Author
|
The |
antonfirsov
added a commit
that referenced
this pull request
Jul 10, 2024
Add the following standard tags to the HTTP Request Activities started in DelegatingHandler: http.request.method http.request.method_original server.address server.port url.full error.type http.response.status_code network.protocol.version Just like in #103769, url.full is being redacted by removing UserInfo and the query string, while exposing a System.Net.Http.DisableQueryRedaction switch for opting-out from the latter.
Member
|
Breaking change issue is created for this: dotnet/docs#42792 |
liveans
removed
the
needs-breaking-change-doc-created
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Since query strings often contain sensitive information, we decided to avoid including them in HttpClientFactory logs by default. For use-cases where logging query string is necessary and safe, query string logging can be turned on globally by an AppContext switch
System.Net.Http.DisableUriRedaction.In .NET 10 we plan to support more sophisticated redaction scenarios.