From 5bf0adad8748e96e10529d5fc5777afc9236a7b5 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 2 Dec 2021 15:26:24 -0500 Subject: caddyhttp: Make logging of credential headers opt-in (#4438) --- caddyconfig/httpcaddyfile/serveroptions.go | 31 +++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) (limited to 'caddyconfig') diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 9e94b86..623f4d7 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -33,15 +33,16 @@ type serverOptions struct { ListenerAddress string // These will all map 1:1 to the caddyhttp.Server struct - ListenerWrappersRaw []json.RawMessage - ReadTimeout caddy.Duration - ReadHeaderTimeout caddy.Duration - WriteTimeout caddy.Duration - IdleTimeout caddy.Duration - MaxHeaderBytes int - AllowH2C bool - ExperimentalHTTP3 bool - StrictSNIHost *bool + ListenerWrappersRaw []json.RawMessage + ReadTimeout caddy.Duration + ReadHeaderTimeout caddy.Duration + WriteTimeout caddy.Duration + IdleTimeout caddy.Duration + MaxHeaderBytes int + AllowH2C bool + ExperimentalHTTP3 bool + StrictSNIHost *bool + ShouldLogCredentials bool } func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error) { @@ -134,6 +135,12 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error } serverOpts.MaxHeaderBytes = int(size) + case "log_credentials": + if d.NextArg() { + return nil, d.ArgErr() + } + serverOpts.ShouldLogCredentials = true + case "protocol": for nesting := d.Nesting(); d.NextBlock(nesting); { switch d.Val() { @@ -222,6 +229,12 @@ func applyServerOptions( server.AllowH2C = opts.AllowH2C server.ExperimentalHTTP3 = opts.ExperimentalHTTP3 server.StrictSNIHost = opts.StrictSNIHost + if opts.ShouldLogCredentials { + if server.Logs == nil { + server.Logs = &caddyhttp.ServerLogConfig{} + } + server.Logs.ShouldLogCredentials = opts.ShouldLogCredentials + } } return nil -- cgit v1.2.3