
Kibana logger exposes secure headers in a debug mode

pepl
Active Participant

Hi,

We use DEBUG=hana to print executed SQL statements in our pod.

After switching to Kibana logs, we found that the logger started printing all request headers, including some secrets; for example, we internally use 'X-Abcdef-Authentication'.

In kibana.js I found the following code:

I think it makes sense here to introduce some kind of configuration where we can exclude specific headers from being printed out.

Same for the cookie, it's even worse: it contains too much data to show. It would be nice to hide it too.

What do you think?

Thanks!

pepl
Active Participant
0 Kudos

steffen.weinstock could you please help to tag the right person for this issue? Thank you!

pepl
Active Participant
0 Kudos

vobu could you please advise who can look into this issue? Thanks!

gregorw
Active Contributor

Hi Petr,

don't think that Volker can help here. Would hope that someone from the SAP CAP Team takes care of this issue.

Best Regards
Gregor

vobu
Active Contributor

Hi Petr, yeah, as Gregor has already said, nothing I can do here - other than comment in the hopes that the CAP folks are becoming aware of the issue.

Sorry, V.

vansyckel
Advisor
0 Kudos

Hi Petr,

We added configurability in @sap/cds@7.5.0 (to be released in Dec.).

Best,
Sebastian
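
The header exclusion asked for in this thread, sketched as an added example (not code from the thread, from kibana.js, or from @sap/cds): a helper that returns a log-safe copy of request headers before they reach the logger. The function names, the default header list and the sample values are assumptions made for illustration.

```javascript
// Hypothetical helper, not part of @sap/cds or its kibana.js logger.
const DEFAULT_SENSITIVE = ['authorization', 'proxy-authorization', 'cookie', 'set-cookie'];
const MASK = '***';

// Keep cookie names (useful when debugging), drop their values.
function maskCookie(value) {
  return String(value)
    .split(';')
    .map((part) => part.split('=')[0].trim())
    .filter(Boolean)
    .map((name) => `${name}=${MASK}`)
    .join('; ');
}

// Keep the auth scheme ("Bearer", "Basic"), drop the credential.
function maskAuthorization(value) {
  const [scheme, ...rest] = String(value).trim().split(/\s+/);
  return rest.length ? `${scheme} ${MASK}` : MASK;
}

// Returns a copy that is safe to log; the input object is not modified.
// `extra` lists application-specific header names to hide (assumed option).
function redactHeaders(headers, extra = []) {
  const sensitive = new Set([...DEFAULT_SENSITIVE, ...extra].map((h) => h.toLowerCase()));
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    const key = name.toLowerCase(); // header names are case-insensitive
    if (!sensitive.has(key)) {
      out[name] = value;
    } else if (key === 'cookie') {
      out[name] = maskCookie(value);
    } else if (key === 'authorization' || key === 'proxy-authorization') {
      out[name] = maskAuthorization(value);
    } else {
      out[name] = Array.isArray(value) ? value.map(() => MASK) : MASK;
    }
  }
  return out;
}

// Constructed sample request headers.
const sample = {
  host: 'srv.example.internal',
  Authorization: 'Bearer eyJhbGciOi.constructed.token',
  'X-Abcdef-Authentication': 'constructed-secret',
  cookie: 'JSESSIONID=abc123; locale=en',
};
console.log(JSON.stringify(redactHeaders(sample, ['x-abcdef-authentication'])));
```

Matching on lower-cased names matters because the configured name and the name on the wire often differ only in case.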