Page MenuHomePhabricator

Citoid is logging all request / response headers as separate fields
Open, MediumPublic


This is similar but different than T238083: Citoid logs fields explosion in which it looks like citoid will log all headers for its error request/responses as separate fields, e.g.

          "err_headers_accept-ch": {
          "err_headers_accept-ch-lifetime": {
          "err_headers_accept-ranges": {
          "err_headers_access-control-allow-credentials": {
          "err_headers_x-via-edge": {
          "err_headers_x-via-fastly": {
          "err_headers_x-wix-request-id": {
          "err_headers_x-xss-protection": {

This is problematic because such headers can be controlled by users and might end up spamming elasticsearch fields. I don't know if this is a citoid thing or a preq library thing though (cc @mobrovac) and it isn't super urgent, but a potential problem for sure.

More context of this (elasticsearch fields explosion) work: T180051 T189333

Event Timeline

Mvolz added a project: SRE.
jijiki triaged this task as Medium priority.Feb 5 2020, 6:02 PM
jijiki added a project: serviceops.