chore: remove PII from logs

Signed-off-by: Frank Kong <frkong@redhat.com>
2024-06-27 16:56:57 -04:00
parent ee15b747dd
commit 7681b1746e
3 changed files with 9 additions and 2 deletions
@@ -0,0 +1,5 @@
+---
+'@backstage/backend-defaults': patch
+---
+
+update the `morgan` middleware to use a custom format to prevent PII from being logged
@@ -243,6 +243,7 @@ Mkdocs
 monorepo
 Monorepo
 monorepos
+morgan
 msgraph
 msw
 mutex
@@ -140,8 +140,9 @@ export class MiddlewareFactory {
    const logger = this.#logger.child({
      type: 'incomingRequest',
    });
-
-    return morgan('combined', {
+    const customMorganFormat =
+      '[:date[clf]] ":method :url HTTP/:http-version" :status :res[content-length] ":referrer" ":user-agent"';
+    return morgan(customMorganFormat, {
      stream: {
        write(message: string) {
          logger.info(message.trimEnd());