[Breaking change]: Uri query redaction in IHttpClientFactory logs #42792
Labels
breaking-change
Indicates a .NET Core breaking change
doc-idea
Indicates issues that are suggestions for new topics [org][type][category]
in-pr
This issue will be closed (fixed) by an active pull request.
Pri1
High priority, do before Pri2 and Pri3
📌 seQUESTered
Identifies that an issue has been imported into Quest.
Description
In .NET 9, the default implementation of
IHttpClientFactory
logs and log scopes has been modified to scrub query strings when logging Uri information. This change is aimed at enhancing privacy by preventing the logging of potentially sensitive information contained in query strings. For scenarios where logging query strings is necessary and deemed safe, this behavior can be overridden by enabling theSystem.Net.Http.DisableUriRedaction
AppContext switch or by setting theDOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION
environment variable.Version
.NET 9 Preview 7
Previous behavior
Previously, the default implementation of
IHttpClientFactory
logging included query strings in the messages passed toILogger
, which could inadvertently expose sensitive information.New behavior
dotnet/runtime#103769 changed the messages passed to
ILogger
so that query strings are replaced by a*
character. Developers can enable query string logging globally by setting theSystem.Net.Http.DisableUriRedaction
AppContext switch or theDOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION
environment variable.Type of breaking change
Reason for change
The primary reason for this change is to enhance privacy by reducing the risk of sensitive information being logged inadvertently. Query strings often contain sensitive data and excluding them from logs by default helps protect this information.
Recommended action
If your application relies on logging query strings and you are confident that it is safe to do so, you can enable query string logging globally by setting the
System.Net.Http.DisableUriRedaction
AppContext switch or theDOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION
environment variable. Otherwise, no action is required, and the default behavior will help enhance the privacy of your application.Note that these switches will also disable query string redaction in
HttpClient
EventSource events.Feature area
Networking
Affected APIs
Microsoft.Extensions.DependencyInjection.HttpClientFactoryServiceCollectionExtensions.AddHttpClient
, all overloads assuming the default logging implementation is not replaced.Associated WorkItem - 340216
The text was updated successfully, but these errors were encountered: