Description:
On fatal error, Envoy will dump a stack trace and additional details about the program state to the log/stderr for debugging purposes. If this happens during handling of a request, the dumped information includes all request headers. This can cause sensitive information to appear in the stderr output.
For example, if the request uses basic authentication, the "Authorization" header containing base64-encoded credentials will be visible in the logs.
These specific prints happen in FilterManager::dumpState, in the line DUMP_DETAILS(filter_manager_callbacks_.requestHeaders()).
As far as I can tell, there is currently no option to disable this functionality. Would it be possible to provide such an option, either as runtime configuration, or even as a build-time setting?
If there is support for this request I don't mind taking a crack at the code, though I don't think I understand it well enough to make the filtering selective. (i.e.: So that it excludes the "Authorization" header but still dumps all the rest.)
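Added example, not part of the original issue and not Envoy's code: one way to make a header dump selective, so that credential-bearing headers are masked while the rest are printed. `HeaderList`, `kSensitive` and the function names are hypothetical stand-ins, and the deny-list contents are an assumption.

```cpp
// Added illustration, not Envoy code. HeaderList stands in for a request header map.
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

using HeaderList = std::vector<std::pair<std::string, std::string>>;

// Assumed deny-list of credential-bearing header names, written in lower case.
static const char* const kSensitive[] = {"authorization", "proxy-authorization",
                                         "cookie", "set-cookie"};

// Case-insensitive compare without allocating; header names may arrive in any case.
bool equalsIgnoreCase(const std::string& name, const char* lower) {
  std::size_t i = 0;
  for (; i < name.size() && lower[i] != '\0'; ++i) {
    if (std::tolower(static_cast<unsigned char>(name[i])) != lower[i]) return false;
  }
  return i == name.size() && lower[i] == '\0';
}

bool isSensitive(const std::string& name) {
  for (const char* s : kSensitive) if (equalsIgnoreCase(name, s)) return true;
  return false;
}

// Write every header to `os`; a sensitive value is replaced by a fixed marker, so the
// dump still shows that the header was present without exposing what it contained.
void dumpHeadersRedacted(const HeaderList& headers, std::ostream& os) {
  for (const auto& h : headers) {
    os << h.first << ": ";
    if (isSensitive(h.first)) os << "[redacted]"; else os << h.second;
    os << '\n';
  }
}

std::string dumpToString(const HeaderList& headers) {
  std::ostringstream os;
  dumpHeadersRedacted(headers, os);
  return os.str();
}

int main() {
  // Constructed request; the credential is the example value from RFC 7617.
  HeaderList req = {{":path", "/admin"},
                    {"Authorization", "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="}};
  std::cout << dumpToString(req);
}
```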