Fabian Bieler created CXF-8228:
----------------------------------
Summary: User generated headers in http responses are not logged
Key: CXF-8228
URL: https://issues.apache.org/jira/browse/CXF-8228
Project: CXF
Issue Type: Bug
Components: logging
Affects Versions: 3.2.9, 3.4.0
Reporter: Fabian Bieler
If an HTTP Servlet adds headers by using httpServletResponse.addHeader or
httpServletResponse.setHeader these headers are not logged by the
LoggingOutInterceptor.
This is because DefaultLogEventMapper::getHeaders only logs headers from the
message's "Message.PROTOCOL_HEADERS" field rather than the headers from the
HttpServletResponse in the Message's "HTTP.RESPONSE" field.
As far as I can tell the "Message.PROTOCOL_HEADERS" are merged into the
response's headers by Headers::copyToResponse.
So If the Message has an "HTTP.RESPONSE" field it should be safe to only log
the headers from that.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
