don't log referer when DNT header is set

skip Cookie headers in req logs
This commit is contained in:
Azareal 2021-03-02 18:47:36 +10:00
parent 4126e8ed0c
commit 75561508c8
2 changed files with 12 additions and 2 deletions

View File

@ -1012,6 +1012,10 @@ func (r *GenRouter) dumpRequest(req *http.Request, pre string,log *log.Logger) {
field("\nUA: ",req.UserAgent()) field("\nUA: ",req.UserAgent())
field("\nMethod: ",req.Method) field("\nMethod: ",req.Method)
for key, value := range req.Header { for key, value := range req.Header {
// Avoid logging this for security reasons
if key == "Cookie" {
continue
}
for _, vvalue := range value { for _, vvalue := range value {
sb.WriteString("\nHead ") sb.WriteString("\nHead ")
sb.WriteString(c.SanitiseSingleLine(key)) sb.WriteString(c.SanitiseSingleLine(key))
@ -1348,7 +1352,8 @@ func (r *GenRouter) ServeHTTP(w http.ResponseWriter, req *http.Request) {
likelyBot := ae == "gzip" || ae == "" likelyBot := ae == "gzip" || ae == ""
if !likelyBot { if !likelyBot {
ref := req.Header.Get("Referer") // Check the 'referrer' header too? :P ref := req.Header.Get("Referer") // Check the 'referrer' header too? :P
if ref != "" { // TODO: Extend the effects of DNT elsewhere?
if ref != "" && req.Header.Get("DNT") != "1" {
// ? Optimise this a little? // ? Optimise this a little?
ref = strings.TrimPrefix(strings.TrimPrefix(ref,"http://"),"https://") ref = strings.TrimPrefix(strings.TrimPrefix(ref,"http://"),"https://")
ref = strings.Split(ref,"/")[0] ref = strings.Split(ref,"/")[0]

View File

@ -595,6 +595,10 @@ func (r *GenRouter) dumpRequest(req *http.Request, pre string,log *log.Logger) {
field("\nUA: ",req.UserAgent()) field("\nUA: ",req.UserAgent())
field("\nMethod: ",req.Method) field("\nMethod: ",req.Method)
for key, value := range req.Header { for key, value := range req.Header {
// Avoid logging this for security reasons
if key == "Cookie" {
continue
}
for _, vvalue := range value { for _, vvalue := range value {
sb.WriteString("\nHead ") sb.WriteString("\nHead ")
sb.WriteString(c.SanitiseSingleLine(key)) sb.WriteString(c.SanitiseSingleLine(key))
@ -931,7 +935,8 @@ func (r *GenRouter) ServeHTTP(w http.ResponseWriter, req *http.Request) {
likelyBot := ae == "gzip" || ae == "" likelyBot := ae == "gzip" || ae == ""
if !likelyBot { if !likelyBot {
ref := req.Header.Get("Referer") // Check the 'referrer' header too? :P ref := req.Header.Get("Referer") // Check the 'referrer' header too? :P
if ref != "" { // TODO: Extend the effects of DNT elsewhere?
if ref != "" && req.Header.Get("DNT") != "1" {
// ? Optimise this a little? // ? Optimise this a little?
ref = strings.TrimPrefix(strings.TrimPrefix(ref,"http://"),"https://") ref = strings.TrimPrefix(strings.TrimPrefix(ref,"http://"),"https://")
ref = strings.Split(ref,"/")[0] ref = strings.Split(ref,"/")[0]