
Resolve "Don't log query strings"

Nick Thomas requested to merge (removed):116-dont-log-query-strings into master

GitLab Pages does nothing with query strings, but JS hosted on pages may demand tokens or other credentials to be present in them. To be safe, we should avoid logging them at all.

Log output before this change:

# logging.go change:
group.gitlab-example.com 127.0.0.1:45324 - - [2018-03-26 17:58:43.93857839 +0100 BST] "GET /foo?token=bar HTTP/1.1" 404 3067 "https://example.com/foo?token=bar" "curl/7.52.1" 0.000470

And after:

group.gitlab-example.com 127.0.0.1:45342 - - [2018-03-26 17:59:21.197902047 +0100 BST m=+1.719440391] "GET /foo HTTP/1.1" 404 3067 "https://example.com/foo" "curl/7.52.1" 0.000303

Note that we strip them out of both the request URI and the referer URI.

Closes #116 (closed)

Edited by 🤖 GitLab Bot 🤖
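The stripping described in this merge request, sketched as an added Go example; it is not the GitLab Pages `logging.go` code. The names `stripQuery`, `loggedFields` and `sampleRequest` and the constructed request are assumptions, and removing the fragment as well as the query string goes one step beyond what the description states.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// stripQuery drops the query string and fragment from a URI before logging.
func stripQuery(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		// Unparseable input: cut at the first '?' or '#' instead of
		// logging the value as received.
		if i := strings.IndexAny(raw, "?#"); i >= 0 {
			return raw[:i]
		}
		return raw
	}
	u.RawQuery, u.ForceQuery = "", false
	u.Fragment, u.RawFragment = "", ""
	return u.String()
}

// loggedFields returns the request line and referer as they should appear
// in an access log entry: both with query strings removed.
func loggedFields(r *http.Request) (requestLine, referer string) {
	requestLine = fmt.Sprintf("%s %s %s", r.Method, stripQuery(r.RequestURI), r.Proto)
	return requestLine, stripQuery(r.Referer())
}

// sampleRequest builds a constructed request matching the log sample above.
func sampleRequest() *http.Request {
	return &http.Request{
		Method:     "GET",
		RequestURI: "/foo?token=bar",
		Proto:      "HTTP/1.1",
		Header:     http.Header{"Referer": {"https://example.com/foo?token=bar"}},
	}
}

func main() {
	line, ref := loggedFields(sampleRequest())
	fmt.Printf("%q %q\n", line, ref)
}
```

The fallback branch matters for request URIs with malformed percent-escapes, which `url.Parse` rejects; without it the raw value, token included, would be the only thing available to log.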
