Prevent Sensitive Information in ToString() Overrides of HTTP Classes #97
Assignees
Labels
bug
Something isn't working
Comments
hamzamahmood
added a commit
that referenced
this issue
Dec 17, 2024
- Removed ToString() overrides from HttpContext, HttpRequest, and HttpResponse to prevent exposure of sensitive information. - Bump package System.Net.Http.Json in test project due to reported vulnerability Closes #97
8 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current ToString() overrides in HTTP-related classes (e.g., HttpContext, HttpRequest, HttpResponse) risk exposing sensitive information.
To mitigate this risk, we propose removing the overridden ToString() methods in these classes and instead utilizing the logging framework for request and response logging. Logging provides support for masking or excluding sensitive headers and information.
The text was updated successfully, but these errors were encountered: