Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exclude URI query from remaining WebClient checkpoints #31992

Closed
wants to merge 2 commits into from
Closed

Exclude URI query from remaining WebClient checkpoints #31992

wants to merge 2 commits into from

Conversation

aaronrosser
Copy link
Contributor

@aaronrosser aaronrosser commented Jan 9, 2024
edited

Affects: latest (v6.1.2)
Module: spring-webflux

Continuing from this issue #29148 and its fix f9d8367 regarding full request URIs including sensitive query parameters being included in mono checkpoints.

This PR sanitises URIs included in

  • the mono checkpoint in DefaultWebClient.DefaultRequestBodyUriSpec::exchange
  • the message of WebClientResponseExceptions created via WebClientResponseException::create

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jan 9, 2024
@pivotal-cla
Copy link

@aaronrosser Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@pivotal-cla
Copy link

@aaronrosser Thank you for signing the Contributor License Agreement!

@aaronrosser aaronrosser marked this pull request as ready for review January 9, 2024 23:54
@aaronrosser aaronrosser changed the title Exclude url query from checkpoint and exception Exclude URI query parameters from DefaultWebClient checkpoint and WebClientResponseException Jan 9, 2024
@aaronrosser aaronrosser force-pushed the exclude-url-query-from-checkpoint-and-exception branch from 811832b to e6fe130 Compare January 10, 2024 00:47
aaronrosser
aaronrosser commented Jan 10, 2024
View reviewed changes
...c/main/java/org/springframework/web/reactive/function/client/WebClientResponseException.java
(request != null ? " from " + request.getMethod() + " " + getUriToLog(request.getURI()) : "");
}

private static URI getUriToLog(URI uri) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this method should go in WebClientUtils? 🤔

@rstoyanchev rstoyanchev added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Jan 10, 2024
@rstoyanchev rstoyanchev self-assigned this Jan 10, 2024
@rstoyanchev rstoyanchev added this to the 6.1.3 milestone Jan 10, 2024
@rstoyanchev rstoyanchev added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Jan 10, 2024
@rstoyanchev rstoyanchev changed the title Exclude URI query parameters from DefaultWebClient checkpoint and WebClientResponseException Exclude URI query from remaining WebClient checkpoints Jan 10, 2024
@rstoyanchev rstoyanchev added the for: backport-to-6.0.x Marks an issue as a candidate for backport to 6.0.x label Jan 10, 2024
rstoyanchev pushed a commit that referenced this pull request Jan 10, 2024
@aaronrosser @rstoyanchev
Exclude query from URI in WebClient checkpoints
1e49334 
See gh-31992
@rstoyanchev
Copy link
Contributor

Thanks for the pull request. I added a method to WebClientUtils and used it in all places of logging, including one additional one in DefaultClientResponse.

@rstoyanchev rstoyanchev added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-6.0.x Marks an issue as a candidate for backport to 6.0.x labels Jan 10, 2024
@rstoyanchev rstoyanchev mentioned this pull request Jan 10, 2024
Closed
rstoyanchev added a commit that referenced this pull request Jan 10, 2024
@rstoyanchev
Exclude query from URI in WebClient checkpoints
6df8be8 
Closes gh-31992
@aaronrosser
Copy link
Contributor Author

Thanks for the pull request. I added a method to WebClientUtils and used it in all places of logging, including one additional one in DefaultClientResponse.

That was quick. Thank you 😀

@rstoyanchev rstoyanchev mentioned this pull request Jan 24, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rstoyanchev rstoyanchev

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement
Projects
None yet
Milestone
6.1.3
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@aaronrosser @pivotal-cla @rstoyanchev @spring-projects-issues