Skip to content

Exclude URI query from remaining WebClient checkpoints #31992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Exclude URI query from remaining WebClient checkpoints #31992

wants to merge 2 commits into from

Conversation

@aaronrosser
Copy link
Contributor

@aaronrosser aaronrosser commented Jan 9, 2024
edited
Loading

Affects: latest (v6.1.2)
Module: spring-webflux

Continuing from this issue #29148 and its fix f9d8367 regarding full request URIs including sensitive query parameters being included in mono checkpoints.

This PR sanitises URIs included in

  • the mono checkpoint in DefaultWebClient.DefaultRequestBodyUriSpec::exchange
  • the message of WebClientResponseExceptions created via WebClientResponseException::create

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jan 9, 2024
@pivotal-cla
Copy link

pivotal-cla commented Jan 9, 2024

@aaronrosser Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@pivotal-cla
Copy link

pivotal-cla commented Jan 9, 2024

@aaronrosser Thank you for signing the Contributor License Agreement!

@aaronrosser aaronrosser marked this pull request as ready for review January 9, 2024 23:54
@aaronrosser aaronrosser changed the title Exclude url query from checkpoint and exception Exclude URI query parameters from DefaultWebClient checkpoint and WebClientResponseException Jan 9, 2024
@aaronrosser aaronrosser force-pushed the exclude-url-query-from-checkpoint-and-exception branch from 811832b to e6fe130 Compare January 10, 2024 00:47
aaronrosser
aaronrosser commented Jan 10, 2024
View reviewed changes
...c/main/java/org/springframework/web/reactive/function/client/WebClientResponseException.java
(request != null ? " from " + request.getMethod() + " " + getUriToLog(request.getURI()) : "");
}

private static URI getUriToLog(URI uri) {
Copy link
Contributor Author

@aaronrosser aaronrosser Jan 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this method should go in WebClientUtils? 🤔

@rstoyanchev rstoyanchev added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Jan 10, 2024
@rstoyanchev rstoyanchev self-assigned this Jan 10, 2024
@rstoyanchev rstoyanchev added this to the 6.1.3 milestone Jan 10, 2024
@rstoyanchev rstoyanchev added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Jan 10, 2024
@rstoyanchev rstoyanchev changed the title Exclude URI query parameters from DefaultWebClient checkpoint and WebClientResponseException Exclude URI query from remaining WebClient checkpoints Jan 10, 2024
rstoyanchev pushed a commit that referenced this pull request Jan 10, 2024
@aaronrosser @rstoyanchev
Exclude query from URI in WebClient checkpoints
1e49334 
See gh-31992
@rstoyanchev
Copy link
Contributor

rstoyanchev commented Jan 10, 2024

Thanks for the pull request. I added a method to WebClientUtils and used it in all places of logging, including one additional one in DefaultClientResponse.

@rstoyanchev rstoyanchev added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-6.0.x labels Jan 10, 2024
@rstoyanchev rstoyanchev mentioned this pull request Jan 10, 2024
Closed
rstoyanchev added a commit that referenced this pull request Jan 10, 2024
@rstoyanchev
Exclude query from URI in WebClient checkpoints
6df8be8 
Closes gh-31992
@aaronrosser
Copy link
Contributor Author

aaronrosser commented Jan 10, 2024

Thanks for the pull request. I added a method to WebClientUtils and used it in all places of logging, including one additional one in DefaultClientResponse.

That was quick. Thank you 😀

@rstoyanchev rstoyanchev mentioned this pull request Jan 24, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@rstoyanchev rstoyanchev

Labels

in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement

Projects

None yet

Milestone

6.1.3

Development

Successfully merging this pull request may close these issues.

4 participants

@aaronrosser @pivotal-cla @rstoyanchev @spring-projects-issues