New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
W3CLogger Custom Fields #41698
Comments
This seems like a reasonable request. @blowdart Any concerns? |
Thanks for contacting us. We're moving this issue to the |
Off by default, and with dire warnings in documentations please |
PR opened in #41753 |
Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:
|
API Review notes:
namespace Microsoft.AspNetCore.HttpLogging;
public sealed class W3CLoggerOptions
{
+ /// <summary>
+ /// Barry approved summary mentioning security implications
+ /// </summary>
+ public ISet<string> AdditionalRequestHeaders { get; } This isn't API, but we feel |
Thanks. The API review notes make sense to me, I'll proceed with updating the PR using
That works, I see there are currently these flags we check for: |
A follow up proposal has been added for response headers in #42208 |
Background and Motivation
W3CLogger supports logging many pieces of the processed requests, including some HTTP headers. We'd like the ability to pass in a list of additional headers to be logged, which will be logged after all of the LoggingFields have been written.
Example:
Proposed API
Usage Examples
Alternative Designs
Some of this functionality is supported in IIS logging:
https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/logfile/customfields/
<add logFieldName="X-Forwarded-For" sourceName="X_FORWARDED_FOR" sourceType="RequestHeader" />
An earlier iteration of this proposal had support for custom field names:
Risks
It should be fine if future additions to W3CLoggingFields are made, as long as the custom fields are always rendered afterwards. Consumers of this library will need to opt-in to custom logging anyway.
It should probably be discouraged to use
W3CLoggingFields.All
in combination with custom headers, since a package update could add an additional field and disrupt the order of parsing custom fields (based on string position) by downstream tools.The text was updated successfully, but these errors were encountered: