The source project of this merge request has been removed.
Resolve "Don't log query strings"
GitLab Pages does nothing with query strings, but JS hosted on pages may demand tokens or other credentials to be present in them. To be safe, we should avoid logging them at all.
Log output before this change:
# logging.go change:
group.gitlab-example.com 127.0.0.1:45324 - - [2018-03-26 17:58:43.93857839 +0100 BST] "GET /foo?token=bar HTTP/1.1" 404 3067 "https://example.com/foo?token=bar" "curl/7.52.1" 0.000470
And after:
group.gitlab-example.com 127.0.0.1:45342 - - [2018-03-26 17:59:21.197902047 +0100 BST m=+1.719440391] "GET /foo HTTP/1.1" 404 3067 "https://example.com/foo" "curl/7.52.1" 0.000303
Note that we strip them out of both the request URI and the referer URI.
Closes #116 (closed)
Edited by 🤖 GitLab Bot 🤖