cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-7070) HTTP headers logged in debug
Date Wed, 12 Oct 2016 15:55:21 GMT

    [ https://issues.apache.org/jira/browse/CXF-7070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15569098#comment-15569098
] 

ASF GitHub Bot commented on CXF-7070:
-------------------------------------

GitHub user andymc12 opened a pull request:

    https://github.com/apache/cxf/pull/178

    CXF-7070 - Avoid logging sensitive headers

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/andymc12/cxf headers

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cxf/pull/178.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #178
    
----

----


> HTTP headers logged in debug
> ----------------------------
>
>                 Key: CXF-7070
>                 URL: https://issues.apache.org/jira/browse/CXF-7070
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>            Reporter: Fadi Mohsen
>
> We try to avoid logging of authorization header value in out/in requests, we filtered
out these in interceptors, but turns out these are logged anyway in [CXF debug mode| https://github.com/apache/cxf/blob/120d20f47022a76970ff0fb9c9d7413cfe019eb2/rt/transports/http/src/main/java/org/apache/cxf/transport/http/Headers.java#L436]:
> {code}
>         if (LOG.isLoggable(Level.FINE)) {
>             LOG.log(Level.FINE, "Request Headers: " + headers.toString());
>         }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message