Should include cookie field as well if present in pino req object #155
If you want to have this information, you can add your own serializer for req.
I passed my own serializer in pinoHttp middleware options like below, but still not able to get cookies in req object being passed as an argument in the On checking saw that this req argument is being passed via this function Line 26 in 1a136f6
Reference in pino-http repo from where this is being called That is why added the change here, if there is any other approach then your guidance would be appreciated. Thanks!
Can you please include a full reproduction? That should be there?
@jsumners in context of - #156 (review)
I am using And this Seems like we cannot add custom logic for this unless we add support for that as well in Reproduction link - https://replit.com/@MDAkramSiddiqui/Testing81125
In case the above reproduction link does not work - https://codesandbox.io/p/devbox/p9s9h2
I don't know what this means. What is "autoLogging"?
https://github.com/pinojs/pino-http#logger-options clearly shows that you can supply your own serializer.
autoLogging: set to false, to disable the automatic "request completed" and "request errored" logging. Defaults to true. If set to an object, you can provide more options.
Yes, I am passing my own serializer as mentioned in the doc, but still cannot access cookies because there is another wrapper function over the request object that is being passed as param to the serializer function
Please refer
```js
'use strict'

const http = require('node:http')
const serializers = require('pino-std-serializers')
const logger = require('pino-http')({
  serializers: {
    req: serializers.req,
    res: serializers.res
  }
})

const server = http.createServer(handler)
server.listen(0)

http.get(`http://localhost:${server.address().port}/`, {
  headers: {
    cookie: 'my-cookie=foobar'
  }
}).end()

function handler (req, res) {
  logger(req, res)
  req.log.info('servicing request')
  res.end('ok')
}
```

When I run that script I get:
We can see, the supplied cookie If we adjust the script to:

```js
'use strict'

const http = require('node:http')
const serializers = require('pino-std-serializers')
const logger = require('pino-http')({
  serializers: {
    req: serializers.wrapRequestSerializer(reqSerializer),
    res: serializers.res
  }
})

const server = http.createServer(handler)
server.listen(0)

http.get(`http://localhost:${server.address().port}/`, {
  headers: {
    cookie: 'my-cookie=foobar'
  }
}).end()

function handler (req, res) {
  logger(req, res)
  req.log.info('servicing request')
  res.end('ok')
}

function reqSerializer (req) {
  return { cookies: req.headers.cookie }
}
```

Then we get:

So I am unclear what issue is being described. In fact, in my opinion, the real issue is that the
This is what exactly
Basically, what you are seeing is the cookie string, express' I am also passing the serializer, as below -
It's just that the parsed cookies object is not available. So it comes down to two options -
Yes, by default it should be redacted.
@mcollina I think we both misunderstood the intent of #156. What it is doing is adding yet another framework specific compatibility like these: pino-std-serializers/lib/req.js Lines 66 to 67 in 1a136f6
pino-std-serializers/lib/req.js Lines 71 to 74 in 1a136f6
I think what was missing from the original PR was comments explaining that (as illustrated above). Should we re-open and ask for that change?
gentle bump ^
@MDAkramSiddiqui a response will come when @mcollina is able to get to it.
okay, will check with you guys again maybe in a couple of days, I started bumping this thread as it was already 2 weeks since we last discussed.
I understand. But this is not the only thing either of us maintain. And Matteo has a very high load to work through.
yes I understand, will wait for your reply.
@jsumners I can't understand why this is a compatibility thing. Accessing the pino-std-serializers/lib/req.js Lines 91 to 92 in 1a136f6
req.raw is defined as non-enumerable so it won't show up in logs. In other terms, you should be able to do something like:
I'm against showing up cookies by default, as it would be a significant security risk and a log of PII (which would violate GDPR).
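An added example (not code from this thread or from pino-std-serializers) of a custom `req` serializer along the lines discussed above: it reads the parsed cookies that cookie-parser leaves on the non-enumerable `req.raw`, logs values only for an allow-list, and drops the raw `cookie` header. The allow-list names, the constructed sample request and the `[Redacted]` marker are assumptions; with pino-http the function would be passed through `serializers.wrapRequestSerializer(...)` as in the script earlier in the thread.

```javascript
// Cookie names whose values may be logged (hypothetical allow-list).
const LOGGABLE_COOKIES = new Set(['locale', 'theme'])

// Fallback parser for the raw Cookie header, used when no parsed object exists.
function parseCookieHeader (header) {
  const out = Object.create(null)
  if (typeof header !== 'string') return out
  for (const pair of header.split(';')) {
    const idx = pair.indexOf('=')
    if (idx < 0) continue
    out[pair.slice(0, idx).trim()] = pair.slice(idx + 1).trim()
  }
  return out
}

// Custom serializer; with pino-http it would be registered as
//   req: serializers.wrapRequestSerializer(cookieSafeReqSerializer)
// so `req` is the standard serialized request and `req.raw` the original one.
function cookieSafeReqSerializer (req) {
  const parsed = (req.raw && req.raw.cookies) ||
    parseCookieHeader(req.headers && req.headers.cookie)
  const cookies = Object.create(null)
  for (const [name, value] of Object.entries(parsed)) {
    cookies[name] = LOGGABLE_COOKIES.has(name) ? value : '[Redacted]'
  }
  // Drop the raw Cookie header so its values are not logged in the clear.
  const { cookie, ...headers } = req.headers || {}
  return { ...req, headers, cookies }
}

// Constructed stand-in for a serialized request: `raw` is non-enumerable,
// as described in the thread, and carries cookie-parser's `cookies` object.
function sampleSerializedReq () {
  const serialized = {
    id: 1,
    method: 'GET',
    url: '/',
    headers: { host: 'localhost', cookie: 'session=s3cr3t; theme=dark' }
  }
  Object.defineProperty(serialized, 'raw', {
    enumerable: false,
    value: { cookies: { session: 's3cr3t', theme: 'dark' } }
  })
  return serialized
}

function demo () {
  return JSON.stringify(cookieSafeReqSerializer(sampleSerializedReq()))
}
console.log(demo())
```

Because `raw` is non-enumerable, the object spread does not copy it, so the original request never reaches the log line.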
Then we need to patch the module and issue a new major. The cookies header is not omitted.
this worked, thank you guys !!
Can I pick this
Go for it.
Should likely also remove the following:
I am using cookie-parser to parse the cookie from headers to object that becomes available as cookie field on req object.
While using pino serializers for logging, I am not getting those parsed cookies in pino req object.