Permit excluding sensitive headers from dump on fatal error
#37,793 建立於 2024年12月23日
倉庫指標
- Star
- (27,997 star)
- PR 合併指標
- (平均合併 8天) (30 天內合併 378 個 PR)
描述
Description: On fatal error, Envoy will dump a stack trace and additional details about the program state to the log/stderr for debugging purposes. If this happens during handling of a request, the dumped information includes all request headers. This can cause sensitive information to appear in the stderr output.
For example, if the request uses basic authentication, the "Authorization" header containing base64-encoded credentials will be visible in the logs.
These specific prints happen in FilterManager::dumpState, in the line DUMP_DETAILS(filter_manager_callbacks_.requestHeaders()).
As far as I can tell, there is currently no option to disable this functionality. Would it be possible to provide such an option, either as runtime configuration, or even as a build-time setting?
If there is support for this request I don't mind taking a crack at the code, though I don't think I understand it well enough to make the filtering selective. (i.e.: So that it excludes the "Authorization" header but still dumps all the rest.)