Do not capture cookies and credentials in net log #13065

Merged
merged 1 commit into from May 24, 2018

@sethlu
Member

sethlu commented May 24, 2018

Should fix a regression issue since v2.0.0 that began logging cookies and credentials in the net log dump.

Example before:

{"params":{"headers":["Host: electronjs.org","Connection: keep-alive","Upgrade-Insecure-Requests: 1","User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.150 Electron/0.0.0-dev Safari/537.36","Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","Accept-Encoding: gzip, deflate","Accept-Language: en-US","Cookie: _ga=GA1.2.841154891.1527180598; _gid=GA1.2.1425473778.1527180598","If-None-Match: W/\"fa71-1YHlWm/t2URUlWiRjYQEfcqoWdk\""],"line":"GET /blog HTTP/1.1\r\n"},"phase":0,"source":{"id":7,"type":1},"time":"66290013","type":152},

Example after (with [64 bytes were stripped]):

{"params":{"headers":["Host: electronjs.org","Connection: keep-alive","Upgrade-Insecure-Requests: 1","User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.150 Electron/0.0.0-dev Safari/537.36","Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","Accept-Encoding: gzip, deflate","Accept-Language: en-US","Cookie: [64 bytes were stripped]","If-None-Match: W/\"fa71-1YHlWm/t2URUlWiRjYQEfcqoWdk\""],"line":"GET /blog HTTP/1.1\r\n"},"phase":0,"source":{"id":7,"type":1},"time":"66386714","type":152},
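An audit check for the condition this PR fixes, as an added example that is not part of the PR or of Electron's code: it walks parsed net log events and reports any sensitive header whose value lacks the `[N bytes were stripped]` marker shown above. The header list beyond `Cookie`, the function name and the sample events are assumptions constructed for illustration.

```javascript
// Header names treated as sensitive. Only Cookie appears on the page;
// the other names are an assumption for this example.
const SENSITIVE = new Set(['cookie', 'set-cookie', 'authorization', 'proxy-authorization']);
// Marker format taken from the "after" sample: "[64 bytes were stripped]".
const STRIPPED = /\[\d+ bytes were stripped\]/;

// Returns one finding per sensitive header that still carries a raw value.
// The value itself is never copied into the finding, only its byte length.
function findUnstrippedHeaders(events) {
  const findings = [];
  for (const ev of events) {
    const headers = ev && ev.params && ev.params.headers;
    if (!Array.isArray(headers)) continue; // event type without a header list
    for (const h of headers) {
      if (typeof h !== 'string') continue;
      const idx = h.indexOf(':');
      if (idx < 0) continue;
      const name = h.slice(0, idx).trim().toLowerCase();
      const value = h.slice(idx + 1).trim();
      if (SENSITIVE.has(name) && value !== '' && !STRIPPED.test(value)) {
        findings.push({
          sourceId: ev.source ? ev.source.id : null,
          time: ev.time,
          header: name,
          bytes: Buffer.byteLength(value),
        });
      }
    }
  }
  return findings;
}

// Constructed sample events in the shape of the two dumps above.
const sampleEvents = [
  { params: { headers: ['Host: electronjs.org', 'Cookie: sid=constructed'],
              line: 'GET /blog HTTP/1.1\r\n' },
    phase: 0, source: { id: 7, type: 1 }, time: '1', type: 152 },
  { params: { headers: ['Host: electronjs.org', 'Cookie: [64 bytes were stripped]'],
              line: 'GET /blog HTTP/1.1\r\n' },
    phase: 0, source: { id: 8, type: 1 }, time: '2', type: 152 },
];

console.log(findUnstrippedHeaders(sampleEvents));
```

Run it over the event list of a dump before the file is attached to a bug report or shared outside the team.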

@sethlu sethlu self-assigned this May 24, 2018

@sethlu sethlu requested a review from electron/reviewers as a code owner May 24, 2018

@nornagon

LGTM. How did this regress?!

Member

sethlu commented May 24, 2018

@nornagon Currently, all the net logs we get display explicit cookie information which requires additional stripping, which wasn't the case with Electron < v2.0.0.

Ref on capture mode: https://cs.chromium.org/chromium/src/net/log/net_log_capture_mode.h?type=cs&g=0

Contributor

nornagon commented May 24, 2018

Ah yeah, I get what's going on, but I'm wondering why it changed with v2. It looks like the code was previously set to log cookies & credentials.

@codebytere codebytere merged commit fd25f59 into master May 24, 2018

@codebytere codebytere deleted the net-log-no-capture-cookies-credentials branch May 24, 2018

Member

MarshallOfSound commented May 25, 2018

@sethlu I'm also not sure how this was a regression, can you explain how it changed in 2.0.0? It looks like we were explicitly asking for cookies and creds before 🤔

Member

deepak1556 commented May 25, 2018

Agreed that the behavior changed with the CH61 upgrade in 0ad967c#diff-6c198fc87cc0c1f184c47aacd927fabd; before that we were using the default capture mode where private data was stripped out. Thanks for the change!

Member

MarshallOfSound commented May 25, 2018

Ah I see, thanks @deepak1556

Member

MarshallOfSound commented Jul 2, 2018

/trop run backport

trop bot commented Jul 2, 2018

The backport process for this PR has been manually initiated, here we go! :D

trop bot commented Jul 2, 2018

We have automatically backported this PR to "2-0-x", please check out #13537

@trop trop bot added merged/2-0-x and removed target/2-0-x labels Jul 2, 2018

trop bot commented Jul 2, 2018

An error occurred while attempting to backport this PR to "3-0-x", you will need to perform this backport manually

Contributor

alexeykuzmin commented Jul 4, 2018

An error occurred while attempting to backport this PR to "3-0-x", you will need to perform this backport manually

@sethlu Can you please manually backport the change to the 3-0-x branch?

Member

sethlu commented Jul 5, 2018

@alexeykuzmin Thanks for letting me know! I think this was merged into master before 3-0-x was cut -- prolly that's why the backport was failing.

Contributor

jkleinsc commented Jul 5, 2018

@alexeykuzmin @sethlu is right. It was included in the 3.0.0-beta.1 release: https://github.com/electron/electron/releases/tag/v3.0.0-beta.1

Contributor

alexeykuzmin commented Jul 5, 2018

@sethlu Oh, you're right. I should've checked the merge commit date.
