Permit excluding sensitive headers from dump on fatal error
#37,793 创建于 2024年12月23日
仓库指标
- Star
- (27,997 star)
- PR 合并指标
- (平均合并 8天) (30 天内合并 378 个 PR)
描述
Description: On fatal error, Envoy will dump a stack trace and additional details about the program state to the log/stderr for debugging purposes. If this happens during handling of a request, the dumped information includes all request headers. This can cause sensitive information to appear in the stderr output.
For example, if the request uses basic authentication, the "Authorization" header containing base64-encoded credentials will be visible in the logs.
These specific prints happen in FilterManager::dumpState, in the line DUMP_DETAILS(filter_manager_callbacks_.requestHeaders()).
As far as I can tell, there is currently no option to disable this functionality. Would it be possible to provide such an option, either as runtime configuration, or even as a build-time setting?
If there is support for this request I don't mind taking a crack at the code, though I don't think I understand it well enough to make the filtering selective. (i.e.: So that it excludes the "Authorization" header but still dumps all the rest.)