Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log the entire body if non-OK fills up disk quickly #306

Open
jqmichael opened this issue Jun 8, 2021 · 2 comments · May be fixed by #376
Open

Log the entire body if non-OK fills up disk quickly #306

jqmichael opened this issue Jun 8, 2021 · 2 comments · May be fixed by #376

Comments

@jqmichael
Copy link

jqmichael commented Jun 8, 2021
edited

If OIDC page return non-OK status, the current behavior would log the body, which may fill up the disk if it's large enough.

https://github.com/coreos/go-oidc/blob/v3/oidc/oidc.go#L244-L246

Would it be OK not to log the body?

func (p *Provider) UserInfo
       ...
	if resp.StatusCode != http.StatusOK {		
              return nil, fmt.Errorf("%s: %s", resp.Status, body)	
       }
}
@ericchiang
Copy link
Collaborator

If you'd like to send a PR to limit the amount of information read, happy to take it!

@mason-liu
Copy link

mason-liu commented Apr 22, 2022
edited

@ericchiang Any suggestion for the limit? Or if the body size reaches out threshold just ignore the body?

drakkan added a commit to drakkan/go-oidc that referenced this issue Apr 25, 2023
@drakkan
limit the size of the logged response to 2048 bytes in error cases
3003d48 
Fixes coreos#306
@drakkan drakkan linked a pull request Apr 25, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

limit the size of the logged response to 2048 bytes in error cases drakkan/go-oidc
3 participants
@ericchiang @mason-liu @jqmichael