[GitHub] [skywalking] wu-sheng commented on a change in pull request #5348: support http header tag

Tue, 18 Aug 2020 02:42:22 -0700 


wu-sheng commented on a change in pull request #5348:
URL: https://github.com/apache/skywalking/pull/5348#discussion_r472040897



##########
File path: 
apm-sniffer/apm-sdk-plugin/spring-plugins/mvc-annotation-commons/src/main/java/org/apache/skywalking/apm/plugin/spring/mvc/commons/SpringMVCPluginConfig.java
##########
@@ -35,16 +38,35 @@
              * request.
              */
             public static boolean COLLECT_HTTP_PARAMS = false;
+
+            /**
+             * This config item controls that whether the SpringMVC plugin 
should collect the headers of the
+             * request.
+             */
+            public static boolean COLLECT_HTTP_HEADERS = false;
         }
 
         @PluginConfig(root = SpringMVCPluginConfig.class)
         public static class Http {
             /**
              * When either {@link Plugin.SpringMVC#COLLECT_HTTP_PARAMS} is 
enabled, how many characters to keep and send
              * to the OAP backend, use negative values to keep and send the 
complete parameters, NB. this config item is
-             * added for the sake of performance
+             * add for the sake of performance
              */
             public static int HTTP_PARAMS_LENGTH_THRESHOLD = 1024;
+
+            /**
+             * When either {@link Plugin.SpringMVC#COLLECT_HTTP_HEADERS} is 
enabled, how many characters to keep and send
+             * to the OAP backend, use negative values to keep and send the 
complete headers, NB. this config item is
+             * add for the sake of performance
+             */
+            public static int HTTP_HEADERS_LENGTH_THRESHOLD = 2048;
+
+            /**
+             * When either {@link Plugin.SpringMVC#COLLECT_HTTP_HEADERS} is 
enabled, control what header data should not
+             * collect, this is for security purpose, values must be lowed case
+             */
+            public static List<String> EXCLUDE_HTTP_HEADERS = 
Arrays.asList("cookie");

Review comment:
       You never know what are in the headers, and default this should be OFF.
   
   You also need to update the mvc plugin tests(not just UT), read the last 
section of plugin dev doc, that is about testing the agent in the real env. 
Then after this is OFF in default, you need to enhance that case, enable header 
collection and make tests passed.
   
   Currently, as the default ON, the Spring related plugin tests will be 
failure.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to