[GitHub] [druid] maytasm commented on a change in pull request #11711: Add new config to filter internal Druid-related messages from Query API response

Thu, 16 Sep 2021 01:54:59 -0700 


maytasm commented on a change in pull request #11711:
URL: https://github.com/apache/druid/pull/11711#discussion_r709921117



##########
File path: 
server/src/main/java/org/apache/druid/server/initialization/ServerConfig.java
##########
@@ -145,6 +150,13 @@ public ServerConfig()
   @NotNull
   private List<String> allowedHttpMethods = ImmutableList.of();
 
+  @JsonProperty
+  @NotNull
+  private List<Pattern> responseWhitelistRegex = ImmutableList.of();

Review comment:
       I imagine the setting for filterResponse will apply to all HTTP error 
responses. Currently it does apply to API outside of query APIs if the error is 
thrown in the Jetty filter layer. For example, if you access non-query API with 
invalid auth or an invalid API endpoint.
   
   The setting for responseWhitelistRegex...I am not sure yet. I think it can 
apply to all HTTP error responses. Another idea I had was instead of using a 
whitelist, we can use a blacklist regex. Then it would be simpler to blacklist 
with regex like `org\.apache\..*` and `java\..*` to filter out stack traces.  
This would then be easy to apply to all HTTP error repsonses.

##########
File path: 
server/src/main/java/org/apache/druid/server/initialization/ServerConfig.java
##########
@@ -145,6 +150,13 @@ public ServerConfig()
   @NotNull
   private List<String> allowedHttpMethods = ImmutableList.of();
 
+  @JsonProperty
+  @NotNull
+  private List<Pattern> responseWhitelistRegex = ImmutableList.of();

Review comment:
       I imagine the setting for filterResponse will apply to all HTTP error 
responses. Currently it does apply to API outside of query APIs if the error is 
thrown in the Jetty filter layer. For example, if you access non-query API with 
invalid auth or an invalid API endpoint.
   
   The setting for responseWhitelistRegex...I am not sure yet. I think it can 
apply to all HTTP error responses. Another idea I had was instead of using a 
whitelist, we can use a blacklist regex. Then it would be simpler to blacklist 
with regex like `org\.apache\..*` and `java\..*` to filter out stack traces.  
This would then be easy to apply to all HTTP error responses.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to