Closed
Description
Affects: v5.3.22 and prior. Module is spring-webflux
The insertCheckpoint method in DefaultWebClient seems to log the URI. In few scenarios this URI can have sensitive information like email or phone number or name etc.,. The framework doesn't provide any controls to switch it off and the only way I can think of right now is to create a duplicate of this class in our classpath and override this method. Any other suggestions are appreciated.? If future versions of spring-webflux can provide a way to override the behaviour that will provide us a strategic alternative.
private <T> Mono<T> insertCheckpoint(Mono<T> result, HttpStatusCode statusCode, HttpRequest request) {
HttpMethod httpMethod = request.getMethod();
URI uri = request.getURI();
String description = statusCode + " from " + httpMethod + " " + uri + " [DefaultWebClient]";
return result.checkpoint(description);
}