From 019d2091435357abec605967e0b41e9d420682ca Mon Sep 17 00:00:00 2001 From: Slava Koyfman Date: Sun, 22 Dec 2024 09:44:28 +0200 Subject: [PATCH] Disable dumping of headers on trace Some headers (e.g.: Authorization) contains sensitive information which should not be logged. --- bazel/repository_locations.bzl | 2 +- source/common/http/filter_manager.h | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl index 05d1ae99dd28..6977b408ffeb 100644 --- a/bazel/repository_locations.bzl +++ b/bazel/repository_locations.bzl @@ -920,7 +920,7 @@ REPOSITORY_LOCATIONS_SPEC = dict( # Static snapshot of https://quiche.googlesource.com/googleurl/+archive/9cdb1f4d1a365ebdbcbf179dadf7f8aa5ee802e7.tar.gz. version = "9cdb1f4d1a365ebdbcbf179dadf7f8aa5ee802e7", sha256 = "a1bc96169d34dcc1406ffb750deef3bc8718bd1f9069a2878838e1bd905de989", - urls = ["https://storage.googleapis.com/quiche-envoy-integration/googleurl_{version}.tar.gz"], + urls = ["https://storage.googleapis.com/quiche-envoy-integration/googleurl-{version}.tar.gz"], use_category = ["controlplane", "dataplane_core"], extensions = [], release_date = "2022-04-04", diff --git a/source/common/http/filter_manager.h b/source/common/http/filter_manager.h index 9fc0c99b0359..90cd44f0ec71 100644 --- a/source/common/http/filter_manager.h +++ b/source/common/http/filter_manager.h @@ -679,7 +679,8 @@ class FilterManager : public ScopeTrackedObject, const char* spaces = spacesForLevel(indent_level); os << spaces << "FilterManager " << this << DUMP_MEMBER(state_.has_1xx_headers_) << "\n"; - DUMP_DETAILS(filter_manager_callbacks_.requestHeaders()); + // Disabled to avoid dumping sensitive information (such as AUTHORIZATION header) + // DUMP_DETAILS(filter_manager_callbacks_.requestHeaders()); DUMP_DETAILS(filter_manager_callbacks_.requestTrailers()); DUMP_DETAILS(filter_manager_callbacks_.responseHeaders()); DUMP_DETAILS(filter_manager_callbacks_.responseTrailers());