@antonfirsov
Created October 1, 2024 12:49
Telemetry Breaking changes

[Breaking Change]: HttpTelemetry Redacts Query Strings by Default

Description: In .NET 9, the default behavior of HttpTelemetry (EventSource "System.Net.Http") has been modified to redact query strings. This change is aimed at enhancing security by preventing the logging of potentially sensitive information contained in query strings. The same opt-out mechanism used for distributed tracing (Activity) and HttpClientFactory logging is applied here. For scenarios where logging query strings is necessary and deemed safe, this behavior can be overridden by enabling the System.Net.Http.DisableUriRedaction AppContext switch or by setting the DOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION environment variable.

Previous Behavior: Previously, HttpTelemetry logs included query strings by default, which could inadvertently expose sensitive information.

New Behavior: With the new change, query strings are redacted from HttpTelemetry logs by default. Developers can enable query string logging globally by setting the System.Net.Http.DisableUriRedaction AppContext switch or the DOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION environment variable.

Type of breaking change:

  • Behavioral change: Existing binaries might behave differently at run time.

Reason for Change: The primary reason for this change is to enhance security by reducing the risk of sensitive information being logged inadvertently. Query strings often contain sensitive data, and redacting them from logs by default helps protect this information.

Recommended Action: If your application relies on logging query strings and you are confident that it is safe to do so, you can enable query string logging globally by setting the System.Net.Http.DisableUriRedaction AppContext switch or the DOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION environment variable. Otherwise, no action is required, and the default behavior will help enhance the security of your application.

Feature area:

  • Networking

[Breaking Change]: HttpClientFactory Logs Exclude Query Strings by Default

Description: In .NET 9, the default behavior of HttpClientFactory logs has been modified to exclude query strings. This change is aimed at enhancing security by preventing the logging of potentially sensitive information contained in query strings. For scenarios where logging query strings is necessary and deemed safe, this behavior can be overridden by enabling the System.Net.Http.DisableUriRedaction AppContext switch or by setting the DOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION environment variable.

Previous Behavior: Previously, HttpClientFactory logs included query strings by default, which could inadvertently expose sensitive information.

New Behavior: With the new change, query strings are excluded from HttpClientFactory logs by default. Developers can enable query string logging globally by setting the System.Net.Http.DisableUriRedaction AppContext switch or the DOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION environment variable.

Type of breaking change:

  • Behavioral change: Existing binaries might behave differently at run time.

Reason for Change: The primary reason for this change is to enhance security by reducing the risk of sensitive information being logged inadvertently. Query strings often contain sensitive data, and excluding them from logs by default helps protect this information.

Recommended Action: If your application relies on logging query strings and you are confident that it is safe to do so, you can enable query string logging globally by setting the System.Net.Http.DisableUriRedaction AppContext switch or the DOTNET_SYSTEM_NET_HTTP_DISABLEURIREDACTION environment variable. Otherwise, no action is required, and the default behavior will help enhance the security of your application.

Feature area:

  • Networking
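
The opt-out described in both notes is global. When only a few known-safe parameters are needed in logs, the default redaction can stay on and the application can log its own sanitized URI. The following is an added example, not code from the gist or from .NET: `QueryAllowlistLoggingHandler`, `Sanitize` and the logging callback are hypothetical names, and it assumes parameter names themselves are not sensitive.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using System.Web;

// Added example (hypothetical class, not part of .NET): logs outgoing request
// URIs with only allowlisted query parameter values visible.
public sealed class QueryAllowlistLoggingHandler : DelegatingHandler
{
    private readonly HashSet<string> _allowed;
    private readonly Action<string> _log;

    public QueryAllowlistLoggingHandler(IEnumerable<string> allowedParams, Action<string> log)
    {
        _allowed = new HashSet<string>(allowedParams, StringComparer.OrdinalIgnoreCase);
        _log = log;
    }

    // Expects an absolute URI. Parameter names are kept (assumed non-sensitive);
    // values are kept only for allowlisted names, everything else becomes "*".
    public string Sanitize(Uri uri)
    {
        var parts = new List<string>();
        var query = HttpUtility.ParseQueryString(uri.Query);
        foreach (var key in query.AllKeys)
            foreach (var value in query.GetValues(key) ?? Array.Empty<string>())
            {
                if (key is null)
                    parts.Add("*"); // bare token without '=' may itself be a secret
                else if (_allowed.Contains(key))
                    parts.Add(Uri.EscapeDataString(key) + "=" + Uri.EscapeDataString(value));
                else
                    parts.Add(Uri.EscapeDataString(key) + "=*");
            }
        // Scheme, host, port and path only: user info and fragment are dropped.
        string baseUri = uri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped);
        return parts.Count == 0 ? baseUri : baseUri + "?" + string.Join("&", parts);
    }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (request.RequestUri is { IsAbsoluteUri: true } uri)
            _log(request.Method + " " + Sanitize(uri));
        return base.SendAsync(request, cancellationToken);
    }
}
```

The handler is placed in the `HttpClient` pipeline like any other `DelegatingHandler`; the built-in HttpTelemetry and HttpClientFactory output stays redacted because the switch and environment variable are left unset.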