The current implementation of Microsoft.Extensions.Http logging framework redact headers value based on user input however it does not support redact sensitive information from query parameters, which is kind of security issue.
For customers that are more concerned about this logging risk or have to meet audit requirements for all their integrated services it is important to redact query parameters value based on users input.
The problem lies here -
|
private static string? GetUriString(Uri? requestUri) |
We could implement this feature same way as we have a extension in IHttpClientBuilder to redact from header.
|
public static IHttpClientBuilder RedactLoggedHeaders(this IHttpClientBuilder builder, Func<string, bool> shouldRedactHeaderValue) |
We might name this extension RedactLoggedQueryParameters
Thanks,
Ankit S
The current implementation of Microsoft.Extensions.Http logging framework redact headers value based on user input however it does not support redact sensitive information from query parameters, which is kind of security issue.
For customers that are more concerned about this logging risk or have to meet audit requirements for all their integrated services it is important to redact query parameters value based on users input.
The problem lies here -
runtime/src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingScopeHttpMessageHandler.cs
Line 133 in 215b39a
We could implement this feature same way as we have a extension in IHttpClientBuilder to redact from header.
runtime/src/libraries/Microsoft.Extensions.Http/src/DependencyInjection/HttpClientBuilderExtensions.cs
Line 463 in 215b39a
We might name this extension
RedactLoggedQueryParametersThanks,
Ankit S