Do not capture cookies and credentials in net log

[sethlu]

Should fix a regression issue since v2.0.0 that began logging cookies and credentials in the net log dump.

Example before:

{"params":{"headers":["Host: electronjs.org","Connection: keep-alive","Upgrade-Insecure-Requests: 1","User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.150 Electron/0.0.0-dev Safari/537.36","Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","Accept-Encoding: gzip, deflate","Accept-Language: en-US","Cookie: _ga=GA1.2.841154891.1527180598; _gid=GA1.2.1425473778.1527180598","If-None-Match: W/\"fa71-1YHlWm/t2URUlWiRjYQEfcqoWdk\""],"line":"GET /blog HTTP/1.1\r\n"},"phase":0,"source":{"id":7,"type":1},"time":"66290013","type":152},

Example after (with [64 bytes were stripped]):

{"params":{"headers":["Host: electronjs.org","Connection: keep-alive","Upgrade-Insecure-Requests: 1","User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.150 Electron/0.0.0-dev Safari/537.36","Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","Accept-Encoding: gzip, deflate","Accept-Language: en-US","Cookie: [64 bytes were stripped]","If-None-Match: W/\"fa71-1YHlWm/t2URUlWiRjYQEfcqoWdk\""],"line":"GET /blog HTTP/1.1\r\n"},"phase":0,"source":{"id":7,"type":1},"time":"66386714","type":152},

[nornagon]

LGTM. How did this regress?!

[sethlu]

@nornagon Currently, all the net logs we get displays explicit cookie information which requires additional stripping, which wasn't the case with Electron < v2.0.0.

Ref on capture mode: https://cs.chromium.org/chromium/src/net/log/net_log_capture_mode.h?type=cs&g=0

[nornagon]

Ah yeah, I get what's going on, but I'm wondering why it changed with v2. It looks like the code was previously set to log cookies & credentials.

[MarshallOfSound]

@sethlu I'm also not sure how this was a regression, can you explain how it changed in 2.0.0 it looks like we were explicitly asking for cookies and creds before 🤔

[deepak1556]

Agreed that the behavior changed with CH61 upgrade in 0ad967c#diff-6c198fc87cc0c1f184c47aacd927fabd , before that we were using the default capture mode where private data was stripped out. Thanks for the change!

[MarshallOfSound]

Ah I see, thanks @deepak1556

[MarshallOfSound]

/trop run backport

[trop]

The backport process for this PR has been manually initiated, here we go! :D

[trop]

We have automatically backported this PR to "2-0-x", please check out #13537

[trop]

An error occurred while attempting to backport this PR to "3-0-x", you will need to perform this backport manually

[alexeykuzmin]

An error occurred while attempting to backport this PR to "3-0-x", you will need to perform this backport manually

@sethlu Can you please manually backport the change to the 3-0-x branch?

[sethlu]

@alexeykuzmin Thanks for letting me know! I think this was merged into master before 3-0-x was cut -- prolly that's why the backport was failing.

[jkleinsc]

@alexeykuzmin @sethlu is right. It was included in the 3.0.0-beta.1 release: https://github.com/electron/electron/releases/tag/v3.0.0-beta.1

[alexeykuzmin]

@sethlu Oh, you're right. I should've checked the merge commit date.