Skip to content

[Breaking change]: Uri query redaction in IHttpClientFactory logs #42792

New issue
New issue
Closed
#43351
Closed
[Breaking change]: Uri query redaction in IHttpClientFactory logs#42792
#43351
Assignees
gewarren
Labels
📌 seQUESTeredIdentifies that an issue has been imported into Quest.breaking-changeIndicates a .NET Core breaking changein-prThis issue will be closed (fixed) by an active pull request.
@liveans

Description

@liveans
liveans
opened on Oct 2, 2024

Description

In .NET 9, the default implementation of IHttpClientFactory logs and log scopes has been modified to scrub query strings when logging Uri information. This change is aimed at enhancing privacy by preventing the logging of potentially sensitive information contained in query strings. For scenarios where logging query strings is necessary and deemed safe, this behavior can be overridden by enabling the System.Net.Http.DisableUriRedaction AppContext switch or by setting the DOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION environment variable.

Version

.NET 9 Preview 7

Previous behavior

Previously, the default implementation of IHttpClientFactory logging included query strings in the messages passed to ILogger, which could inadvertently expose sensitive information.

New behavior

dotnet/runtime#103769 changed the messages passed to ILogger so that query strings are replaced by a * character. Developers can enable query string logging globally by setting the System.Net.Http.DisableUriRedaction AppContext switch or the DOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION environment variable.

Type of breaking change

  • Binary incompatible: Existing binaries might encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
  • Source incompatible: When recompiled using the new SDK or component or to target the new runtime, existing source code might require source changes to compile successfully.
  • Behavioral change: Existing binaries might behave differently at run time.

Reason for change

The primary reason for this change is to enhance privacy by reducing the risk of sensitive information being logged inadvertently. Query strings often contain sensitive data and excluding them from logs by default helps protect this information.

Recommended action

If your application relies on logging query strings and you are confident that it is safe to do so, you can enable query string logging globally by setting the System.Net.Http.DisableUriRedaction AppContext switch or the DOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION environment variable. Otherwise, no action is required, and the default behavior will help enhance the privacy of your application.

Note that these switches will also disable query string redaction in HttpClient EventSource events.

Feature area

Networking

Affected APIs

Microsoft.Extensions.DependencyInjection.HttpClientFactoryServiceCollectionExtensions.AddHttpClient, all overloads assuming the default logging implementation is not replaced.

Associated WorkItem - 340216

Metadata

Metadata

Assignees

Labels

📌 seQUESTeredIdentifies that an issue has been imported into Quest.breaking-changeIndicates a .NET Core breaking changein-prThis issue will be closed (fixed) by an active pull request.

Type

No type

Projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions