From bca0317236fd7da7fd89579611267f2cc139f797 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 9 Sep 2021 18:50:50 +0000
Subject: [PATCH] [release/6.0] Un-redact safe request/response headers in
 HttpLoggingMiddleware (#36336)

* Un-redact safe request/response headers in HttpLoggingMiddleware

* Feedback

Co-authored-by: Will Godbe <wigodbe@microsoft.com>
---
 .../HttpLogging/src/HttpLoggingOptions.cs     | 38 ++++++++++++++++++-
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/Middleware/HttpLogging/src/HttpLoggingOptions.cs b/src/Middleware/HttpLogging/src/HttpLoggingOptions.cs
index e57afb632b9..7cb95ad36f1 100644
--- a/src/Middleware/HttpLogging/src/HttpLoggingOptions.cs
+++ b/src/Middleware/HttpLogging/src/HttpLoggingOptions.cs
@@ -30,14 +30,31 @@ namespace Microsoft.AspNetCore.HttpLogging
         internal HashSet<string> _internalRequestHeaders = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
         {
             HeaderNames.Accept,
+            HeaderNames.AcceptCharset,
             HeaderNames.AcceptEncoding,
             HeaderNames.AcceptLanguage,
             HeaderNames.Allow,
+            HeaderNames.CacheControl,
             HeaderNames.Connection,
+            HeaderNames.ContentEncoding,
             HeaderNames.ContentLength,
             HeaderNames.ContentType,
+            HeaderNames.Date,
+            HeaderNames.DNT,
+            HeaderNames.Expect,
             HeaderNames.Host,
-            HeaderNames.UserAgent
+            HeaderNames.MaxForwards,
+            HeaderNames.Range,
+            HeaderNames.SecWebSocketExtensions,
+            HeaderNames.SecWebSocketVersion,
+            HeaderNames.TE,
+            HeaderNames.Trailer,
+            HeaderNames.TransferEncoding,
+            HeaderNames.Upgrade,
+            HeaderNames.UserAgent,
+            HeaderNames.Warning,
+            HeaderNames.XRequestedWith,
+            HeaderNames.XUACompatible
         };
 
         /// <summary>
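Review bot: The enlarged `_internalRequestHeaders` initializer carries no comment stating what qualifies a header as safe to log, so a later addition has no documented bar to meet. I would put a comment directly above the field, for example `// Only headers whose values never carry credentials, session tokens or user identifiers belong here; any other header is logged redacted.` The initializer sits in a class whose declaration and public doc comments are outside this hunk. If those doc comments enumerate the defaults, they should be updated to match.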
@@ -51,9 +68,26 @@ namespace Microsoft.AspNetCore.HttpLogging
 
         internal HashSet<string> _internalResponseHeaders = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
         {
+            HeaderNames.AcceptRanges,
+            HeaderNames.Age,
+            HeaderNames.Allow,
+            HeaderNames.AltSvc,
+            HeaderNames.Connection,
+            HeaderNames.ContentDisposition,
+            HeaderNames.ContentLanguage,
             HeaderNames.ContentLength,
+            HeaderNames.ContentLocation,
+            HeaderNames.ContentRange,
             HeaderNames.ContentType,
-            HeaderNames.TransferEncoding
+            HeaderNames.Date,
+            HeaderNames.Expires,
+            HeaderNames.LastModified,
+            HeaderNames.Location,
+            HeaderNames.Server,
+            HeaderNames.Status,
+            HeaderNames.TransferEncoding,
+            HeaderNames.Upgrade,
+            HeaderNames.XPoweredBy
         };
 
         /// <summary>
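Review bot: `HeaderNames.Location` and `HeaderNames.ContentLocation` in the new `_internalResponseHeaders` defaults carry full URLs, and redirect targets commonly embed secrets in the query string (OAuth/OIDC `code` and `state` values, pre-signed storage URLs, password-reset links). Logging them un-redacted by default writes those values to every configured log sink. `HeaderNames.ContentDisposition` likewise exposes file names, which may be user-supplied. I would drop `HeaderNames.Location,`, `HeaderNames.ContentLocation,` and `HeaderNames.ContentDisposition,` from the defaults so they stay redacted unless an application opts in, or at minimum note the exposure in the doc comment. The enclosing class starts outside this hunk.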
-- 
GitLab