Skip to content

IHttpClientBuilder should have extension to redact query parameter from logging #68675

New issue
New issue
Closed as not planned
Closed as not planned
IHttpClientBuilder should have extension to redact query parameter from logging#68675
Labels
api-suggestionEarly API idea and discussion, it is NOT ready for implementationarea-Extensions-HttpClientFactory
Milestone
8.0.0
@anktsrkr

Description

@anktsrkr
anktsrkr
opened on Apr 28, 2022

The current implementation of Microsoft.Extensions.Http logging framework redact headers value based on user input however it does not support redact sensitive information from query parameters, which is kind of security issue.

image

For customers that are more concerned about this logging risk or have to meet audit requirements for all their integrated services it is important to redact query parameters value based on users input.

The problem lies here -

runtime/src/libraries/Microsoft.Extensions.Http/src/Logging/LoggingScopeHttpMessageHandler.cs

Line 133 in 215b39a

private static string? GetUriString(Uri? requestUri)

We could implement this feature same way as we have a extension in IHttpClientBuilder to redact from header.

runtime/src/libraries/Microsoft.Extensions.Http/src/DependencyInjection/HttpClientBuilderExtensions.cs

Line 463 in 215b39a

public static IHttpClientBuilder RedactLoggedHeaders(this IHttpClientBuilder builder, Func<string, bool> shouldRedactHeaderValue)

We might name this extension RedactLoggedQueryParameters

Thanks,
Ankit S

Metadata

Metadata

Assignees

No one assigned

    Labels

    api-suggestionEarly API idea and discussion, it is NOT ready for implementationarea-Extensions-HttpClientFactory

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions