Exclude cookie headers by default from HTTP traces

Emily Tsanova · wilkinsona · commit 5ff515727dce · 2020-08-11T15:58:55.000+01:00
See gh-22829
diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -653,7 +653,6 @@
       "defaultValue": [
         "request-headers",
         "response-headers",
-        "cookies",
         "errors"
       ]
     },
diff --git a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/http/Include.java b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/http/Include.java
@@ -24,6 +24,8 @@
  * Include options for HTTP tracing.
  *
  * @author Wallace Wadge
+ * @author Emily Tsanova
+ * @author Joseph Beeton
  * @since 2.0.0
  */
 public enum Include {
@@ -55,6 +57,7 @@ public enum Include {
 	PRINCIPAL,
 
 	/**
+	 *
 	 * Include the remote address.
 	 */
 	REMOTE_ADDRESS,
@@ -75,7 +78,6 @@ public enum Include {
 		Set<Include> defaultIncludes = new LinkedHashSet<>();
 		defaultIncludes.add(Include.REQUEST_HEADERS);
 		defaultIncludes.add(Include.RESPONSE_HEADERS);
-		defaultIncludes.add(Include.COOKIE_HEADERS);
 		defaultIncludes.add(Include.TIME_TAKEN);
 		DEFAULT_INCLUDES = Collections.unmodifiableSet(defaultIncludes);
 	}
