-
Notifications
You must be signed in to change notification settings - Fork 37.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid parsing request body in DispatcherServlet for "parameters={masked}" log message #28587
Comments
Yes, It will cause |
This happens transparently when request parameters are accessed. It's how the Servlet API works. We can't prevent it from happening entirely but rather accept that it can happen. There are two ways form data can be used. For data binding, which is the most convenient way to handle form data, it makes no difference because we bind from request parameters. For Did you run into a specific issue or just happened to notice? |
Hi @rstoyanchev, Thanks for your reply. I understand this might happen transparently (e.g. the FormContentFilter implementation has a similar effect on PATCH requests). |
I think it's important to show "masked" for request parameters in order to hint that there is something to see if logging is changed. We could however print the same when the content-type is "application/x-www-form-urlencoded" and thus avoid the |
Affects: spring-webmvc-5.3.20 and possibly many more
When having trace logging enabled... e.g.
and sending a POST request with content type application/x-www-form-urlencoded, the body of the request may be consumed by trace logging and only an empty stream or reader be available for the application.
The reason seems to be this line: https://github.com/spring-projects/spring-framework/blob/main/spring-webmvc/src/main/java/org/springframework/web/servlet/DispatcherServlet.java#L988
Even though it only attempts to check for existence of parameters it also triggers parsing of parameters which seems to consume the request body.
The text was updated successfully, but these errors were encountered: