Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Mask certain HTTP headers in the HTTP access log #44475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
mabartos wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Mask certain HTTP headers in the HTTP access log #44475

mabartos wants to merge 1 commit into from

Conversation

@mabartos
Copy link
Contributor

@mabartos mabartos commented Nov 25, 2025
edited
Loading

@keycloak-github-bot keycloak-github-bot bot mentioned this pull request Nov 25, 2025
Closed
@mabartos mabartos self-assigned this Nov 25, 2025
@mabartos mabartos marked this pull request as ready for review November 25, 2025 18:11
@mabartos mabartos requested review from a team as code owners November 25, 2025 18:11
@keycloak-github-bot keycloak-github-bot bot mentioned this pull request Nov 25, 2025
Open
shawkins
shawkins reviewed Nov 25, 2025
View reviewed changes
quarkus/config-api/src/main/java/org/keycloak/config/HttpAccessLogOptions.java
public static final Option<List<String>> HTTP_ACCESS_LOG_MASKED_COOKIES = OptionBuilder.listOptionBuilder("http-access-log-masked-cookies", String.class)
.category(OptionCategory.HTTP_ACCESS_LOG)
.description("Set of HTTP Cookie headers whose values must be masked when the 'long' pattern or '%{ALL_REQUEST_HEADERS}' format is enabled with the 'http-access-log-pattern' option.")
.hidden() // hidden for now as we do not have the full Quarkus support for this yet
Copy link
Contributor

@shawkins shawkins Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it matter if there's quarkus support whether this is hidden?

Will this ever be set by a user? If so, we could consider making it additive to the default.

Copy link
Contributor Author

@mabartos mabartos Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was rather for purposes to be on a safe side, but yes, it might not be hidden.

It's expected that some additives will be there: #44433

@mabartos
Copy link
Contributor Author

mabartos commented Nov 26, 2025

Put on hold, as we probably wait for Quarkus to have it included (needs to be discussed with them).

This PR can hang in here for cases it's not included in Quarkus in the foreseeable future.

@mabartos mabartos added the status/hold PR should not be merged. On hold for later. label Nov 26, 2025
@mabartos mabartos marked this pull request as draft November 26, 2025 12:02
@shawkins
Copy link
Contributor

shawkins commented Nov 26, 2025

This PR can hang in here for cases it's not included in Quarkus in the foreseeable future.

Makes sense. One more thought - it would be safer to specify what headers / cookies can be shown vs. what should be masked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shawkins shawkins shawkins left review comments

@vmuzikar vmuzikar Awaiting requested review from vmuzikar

At least 1 approving review is required to merge this pull request.

Assignees

@mabartos mabartos

Labels

flaky-test status/hold PR should not be merged. On hold for later. team/cloud-native

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Mask certain HTTP headers in the HTTP access log

2 participants

@mabartos @shawkins