caddyhttp: Make logging of credential headers opt-in (#4438)

2025-10-19 15:53:17 +00:00 · 2021-12-02 15:26:24 -05:00 · 2021-12-02 15:26:24 -05:00 · 5bf0adad87
commit 5bf0adad87
parent 8e5aafa5cd
6 changed files with 81 additions and 24 deletions
--- a/caddyconfig/httpcaddyfile/serveroptions.go
+++ b/caddyconfig/httpcaddyfile/serveroptions.go
@ -33,15 +33,16 @@ type serverOptions struct {
 	ListenerAddress string

 	// These will all map 1:1 to the caddyhttp.Server struct
-	ListenerWrappersRaw []json.RawMessage
-	ReadTimeout         caddy.Duration
-	ReadHeaderTimeout   caddy.Duration
-	WriteTimeout        caddy.Duration
-	IdleTimeout         caddy.Duration
-	MaxHeaderBytes      int
-	AllowH2C            bool
-	ExperimentalHTTP3   bool
-	StrictSNIHost       *bool
+	ListenerWrappersRaw  []json.RawMessage
+	ReadTimeout          caddy.Duration
+	ReadHeaderTimeout    caddy.Duration
+	WriteTimeout         caddy.Duration
+	IdleTimeout          caddy.Duration
+	MaxHeaderBytes       int
+	AllowH2C             bool
+	ExperimentalHTTP3    bool
+	StrictSNIHost        *bool
+	ShouldLogCredentials bool
 }

 func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error) {
@ -134,6 +135,12 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error
 				}
 				serverOpts.MaxHeaderBytes = int(size)

+			case "log_credentials":
+				if d.NextArg() {
+					return nil, d.ArgErr()
+				}
+				serverOpts.ShouldLogCredentials = true
+
 			case "protocol":
 				for nesting := d.Nesting(); d.NextBlock(nesting); {
 					switch d.Val() {
@ -222,6 +229,12 @@ func applyServerOptions(
 		server.AllowH2C = opts.AllowH2C
 		server.ExperimentalHTTP3 = opts.ExperimentalHTTP3
 		server.StrictSNIHost = opts.StrictSNIHost
+		if opts.ShouldLogCredentials {
+			if server.Logs == nil {
+				server.Logs = &caddyhttp.ServerLogConfig{}
+			}
+			server.Logs.ShouldLogCredentials = opts.ShouldLogCredentials
+		}
 	}

 	return nil