-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Only log basic response information #3508
Conversation
85a3823
to
9fdf9fd
Compare
9fdf9fd
to
b97da39
Compare
When logging a gateway error response there is a params field, which provides extra information about the request. That information can include useful information like the payment amount, but it can also include PII such as a full billing address. By logging the full error response in yaml that PII can end up in your logs, which is not desirable and potentially against the law. Therefore we should only log the minimal information needed from the response.
b97da39
to
63169fe
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JDutil thanks for this improvement! I left a question regarding the specs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @JDutil, this makes sense!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JDutil thank you 👍
Description
When logging a gateway error response there is a params field,
which provides extra information about the request. That information
can include useful information like the payment amount, but it can
also include PII such as a full billing address.
By logging the full error response in yaml that PII can end up in your
logs, which is not desirable and potentially against the law. Therefore
we should only log the minimal information needed from the response.
Checklist: