Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[HttpClientFactory] Do not log query string by default #103769

Merged
merged 21 commits into from
Jul 4, 2024
Merged

[HttpClientFactory] Do not log query string by default #103769

merged 21 commits into from
Jul 4, 2024

Conversation

antonfirsov
Copy link
Member

@antonfirsov antonfirsov commented Jun 20, 2024
edited
Loading

Since query strings often contain sensitive information, we decided to avoid including them in HttpClientFactory logs by default. For use-cases where logging query string is necessary and safe, query string logging can be turned on globally by an AppContext switch System.Net.Http.DisableUriRedaction .

In .NET 10 we plan to support more sophisticated redaction scenarios.

@antonfirsov antonfirsov added breaking-change Issue or PR that represents a breaking API or functional change over a prerelease. area-Extensions-HttpClientFactory needs-breaking-change-doc-created Breaking changes need an issue opened with https://github.com/dotnet/docs/issues/new?template=dotnet labels Jun 20, 2024
@antonfirsov antonfirsov added this to the 9.0.0 milestone Jun 20, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

This was referenced Jun 20, 2024
Open
Closed
Closed
Closed
Closed
antonfirsov and others added 3 commits June 20, 2024 22:30
This was referenced Jun 21, 2024
Open
Open
CarnaViire
CarnaViire requested changes Jun 21, 2024
View reviewed changes
Copy link
Member

@CarnaViire CarnaViire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comments above

@stephentoub
Copy link
Member

We don't want to expose a programmatic option for this on HttpClientFactoryOptions or somewhere similar?

@antonfirsov
Copy link
Member Author

antonfirsov commented Jun 21, 2024
edited
Loading

We don't want to expose a programmatic option for this on HttpClientFactoryOptions or somewhere similar?

We weren't able to agree on an API for this an related requests, like support for url.template, Activity enrichment and filtering.

Many customers (including our first-parties) would find the usability of a HttpClientFactory-scoped Uri-redaction API limited. In order to deliver a consistent solution for all the requests in the telemetry space, we decided to push this out to .NET 10.

@antonfirsov antonfirsov added the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Jun 28, 2024
@CarnaViire
Copy link
Member

(marking as draft to prevent accidental merge -- NO-MERGE isn't sufficient)

@CarnaViire CarnaViire marked this pull request as draft July 1, 2024 11:12
@antonfirsov antonfirsov mentioned this pull request Jul 1, 2024
Merged
@antonfirsov antonfirsov removed the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Jul 1, 2024
@antonfirsov
Merge branch 'main' into querystring-01
e711ec9
@antonfirsov
Harmonize redaction:
e557330 
- Use a shared switch to opt-out from redaction entirely (System.Net.Http.DisableUriRedaction)
- Simplify and optimize redaction logic, always omit Fragment when redacting
- Adjust and consolidate tests
@antonfirsov antonfirsov marked this pull request as ready for review July 2, 2024 20:58
@antonfirsov
Copy link
Member Author

antonfirsov commented Jul 2, 2024
edited
Loading

@CarnaViire @MihaZupan with e557330, this is ready for review again.

@antonfirsov antonfirsov removed their assignment Jul 2, 2024
@antonfirsov antonfirsov assigned antonfirsov and unassigned MihaZupan Jul 2, 2024
CarnaViire
CarnaViire approved these changes Jul 3, 2024
View reviewed changes
Copy link
Member

@CarnaViire CarnaViire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@antonfirsov
Copy link
Member Author

The LibraryImportGenerator.Tests failure is unrelated.

@antonfirsov antonfirsov merged commit 64efe26 into dotnet:main Jul 4, 2024
81 of 83 checks passed
antonfirsov added a commit that referenced this pull request Jul 10, 2024
@antonfirsov
Add standard tags to HttpClient native trace instrumentation (#104251)
c7fa446 
Add the following standard tags to the HTTP Request Activities started in DelegatingHandler:

http.request.method
http.request.method_original
server.address
server.port
url.full

error.type
http.response.status_code
network.protocol.version

Just like in #103769, url.full is being redacted by removing UserInfo and the query string, while exposing a System.Net.Http.DisableQueryRedaction switch for opting-out from the latter.
@ManickaP ManickaP mentioned this pull request Jul 16, 2024
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Aug 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@blowdart blowdart blowdart left review comments

@MihaZupan MihaZupan MihaZupan approved these changes

@liveans liveans liveans left review comments

@CarnaViire CarnaViire CarnaViire approved these changes

Assignees

@antonfirsov antonfirsov

Labels
area-Extensions-HttpClientFactory breaking-change Issue or PR that represents a breaking API or functional change over a prerelease. needs-breaking-change-doc-created Breaking changes need an issue opened with https://github.com/dotnet/docs/issues/new?template=dotnet
Projects
None yet
Milestone
9.0.0
Development

Successfully merging this pull request may close these issues.
6 participants
@antonfirsov @stephentoub @CarnaViire @blowdart @MihaZupan @liveans