[release/6.0] Un-redact safe request/response headers in HttpLoggingMiddleware (#36336)

* Un-redact safe request/response headers in HttpLoggingMiddleware * Feedback Co-authored-by: Will Godbe <wigodbe@microsoft.com>

[release/6.0] Un-redact safe request/response headers in HttpLoggingMiddleware (#36336)
bca03172 · github-actions[bot] · GitHub · 2f06d80d · bca03172
--- a/src/Middleware/HttpLogging/src/HttpLoggingOptions.cs
+++ b/src/Middleware/HttpLogging/src/HttpLoggingOptions.cs
@@ -30,14 +30,31 @@ namespace Microsoft.AspNetCore.HttpLogging
        internal HashSet<string> _internalRequestHeaders = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            HeaderNames.Accept,
+            HeaderNames.AcceptCharset,
            HeaderNames.AcceptEncoding,
            HeaderNames.AcceptLanguage,
            HeaderNames.Allow,
+            HeaderNames.CacheControl,
            HeaderNames.Connection,
+            HeaderNames.ContentEncoding,
            HeaderNames.ContentLength,
            HeaderNames.ContentType,
+            HeaderNames.Date,
+            HeaderNames.DNT,
+            HeaderNames.Expect,
            HeaderNames.Host,
-            HeaderNames.UserAgent
+            HeaderNames.MaxForwards,
+            HeaderNames.Range,
+            HeaderNames.SecWebSocketExtensions,
+            HeaderNames.SecWebSocketVersion,
+            HeaderNames.TE,
+            HeaderNames.Trailer,
+            HeaderNames.TransferEncoding,
+            HeaderNames.Upgrade,
+            HeaderNames.UserAgent,
+            HeaderNames.Warning,
+            HeaderNames.XRequestedWith,
+            HeaderNames.XUACompatible
        };

        /// <summary>
@@ -51,9 +68,26 @@ namespace Microsoft.AspNetCore.HttpLogging

        internal HashSet<string> _internalResponseHeaders = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
+            HeaderNames.AcceptRanges,
+            HeaderNames.Age,
+            HeaderNames.Allow,
+            HeaderNames.AltSvc,
+            HeaderNames.Connection,
+            HeaderNames.ContentDisposition,
+            HeaderNames.ContentLanguage,
            HeaderNames.ContentLength,
+            HeaderNames.ContentLocation,
+            HeaderNames.ContentRange,
            HeaderNames.ContentType,
-            HeaderNames.TransferEncoding
+            HeaderNames.Date,
+            HeaderNames.Expires,
+            HeaderNames.LastModified,
+            HeaderNames.Location,
+            HeaderNames.Server,
+            HeaderNames.Status,
+            HeaderNames.TransferEncoding,
+            HeaderNames.Upgrade,
+            HeaderNames.XPoweredBy
        };

        /// <summary>