upstream/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-28 04:13:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

[Docs] Warn users about printing headers in HTTP access logs (#44353)

Browse source 
Closes #43156

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
This commit is contained in:
Martin Bartoš 2025-11-20 14:48:01 +01:00 committed by GitHub
parent 0e959ad89e
commit a71ceee8f1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
docs/guides/server/logging.adoc
View file

@ -287,6 +287,9 @@ You can even specify your own pattern with your required data to be logged, such
<@kc.start parameters="--http-access-log-pattern='%A %{METHOD} %{REQUEST_URL} %{i,User-Agent}'"/>
WARNING: HTTP Access logs may contain sensitive HTTP headers like `Authorization`, `Cookie`, or external API keys references.
Be careful with using the `long` pattern or printing the headers by the custom format - you should use it only for development purposes.
Consult the https://quarkus.io/guides/http-reference#configuring-http-access-logs[Quarkus documentation] for the full list of variables that can be used.
=== Exclude specific URL paths