Polish "Exclude cookie headers by default from HTTP traces"

See gh-22829
pull/22898/head
Andy Wilkinson 4 years ago
parent 5ff515727d
commit e358144b2e

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2019 the original author or authors. * Copyright 2012-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -37,8 +37,7 @@ public class HttpTraceProperties {
/** /**
* Items to be included in the trace. Defaults to request headers (excluding * Items to be included in the trace. Defaults to request headers (excluding
* Authorization but including Cookie), response headers (including Set-Cookie), and * Authorization and Cookie), response headers (excluding Set-Cookie), and time taken.
* time taken.
*/ */
private Set<Include> include = new HashSet<>(Include.defaultIncludes()); private Set<Include> include = new HashSet<>(Include.defaultIncludes());

@ -29,6 +29,7 @@ import org.junit.jupiter.api.Test;
import org.springframework.boot.actuate.trace.http.HttpTrace.Request; import org.springframework.boot.actuate.trace.http.HttpTrace.Request;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap; import org.springframework.util.MultiValueMap;
@ -270,6 +271,29 @@ class HttpExchangeTracerTests {
assertThat(trace.getTimeTaken()).isNotNull(); assertThat(trace.getTimeTaken()).isNotNull();
} }
@Test
void defaultIncludes() {
HttpHeaders requestHeaders = new HttpHeaders();
requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
requestHeaders.set(HttpHeaders.COOKIE, "value");
requestHeaders.set(HttpHeaders.AUTHORIZATION, "secret");
HttpExchangeTracer tracer = new HttpExchangeTracer(Include.defaultIncludes());
HttpTrace trace = tracer.receivedRequest(createRequest(requestHeaders));
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.set(HttpHeaders.SET_COOKIE, "test=test");
responseHeaders.setContentLength(0);
tracer.sendingResponse(trace, createResponse(responseHeaders), this::createPrincipal, () -> "sessionId");
assertThat(trace.getTimeTaken()).isNotNull();
assertThat(trace.getPrincipal()).isNull();
assertThat(trace.getSession()).isNull();
assertThat(trace.getTimestamp()).isNotNull();
assertThat(trace.getRequest().getMethod()).isEqualTo("GET");
assertThat(trace.getRequest().getRemoteAddress()).isNull();
assertThat(trace.getResponse().getStatus()).isEqualTo(204);
assertThat(trace.getRequest().getHeaders()).containsOnlyKeys(HttpHeaders.ACCEPT);
assertThat(trace.getResponse().getHeaders()).containsOnlyKeys(HttpHeaders.CONTENT_LENGTH);
}
private TraceableRequest createRequest() { private TraceableRequest createRequest() {
return createRequest(Collections.singletonMap(HttpHeaders.ACCEPT, Arrays.asList("application/json"))); return createRequest(Collections.singletonMap(HttpHeaders.ACCEPT, Arrays.asList("application/json")));
} }
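Review bot: The new `defaultIncludes` test sets `Cookie`, `Authorization` and `Set-Cookie` only in their canonical spelling and through `HttpHeaders`, so it does not pin down that the default exclusion is independent of header-name case. Header names are case-insensitive and HTTP/2 carries them in lower case, so a request built from a plain map keyed `cookie` or `authorization` is the case worth covering; whether the tracer already handles it is not visible in this hunk. A companion test using the map-based `createRequest` call shown just below the new test, for example `createRequest(Collections.singletonMap("cookie", Arrays.asList("value")))` followed by `assertThat(trace.getRequest().getHeaders()).isEmpty();`, would catch a regression that writes session cookies or credentials into the trace.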
