WARNING: Request-id generation comes with a caveat in the form of some additional default behavior. In distributed systems it is common to use a client-supplied request-id to correlate downstream API requests. Fastify supports this out of the box, but you need to know it's there. Normally, with something like OpenTelemetry, you would have a request-id as well as span IDs. OpenTelemetry is out of scope for this article; just know that, by default, a client can send a trace id as a header (default request-id). In this case, you would want to work out this contract with your consumers ahead of time and potentially put something in place to ensure they adhere to it.
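One way to enforce the request-id contract from the warning above, as an added example rather than code from the original article. It assumes consumers agree to send a UUID in the request-id header; the helper names (`resolveRequestId`, `nextLocalId`, `runSamples`) are hypothetical.

```javascript
// Added example. Assumed contract: clients send a UUID in the "request-id" header.
const REQUEST_ID_HEADER = "request-id";
const UUID_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

let counter = 0;
// Server-side fallback id, used whenever the client value is absent or rejected.
function nextLocalId() {
  counter += 1;
  return `req-${counter.toString(36)}`;
}

// Decide which id a request gets. `headers` is Node's lower-cased header object.
function resolveRequestId(headers) {
  const raw = headers[REQUEST_ID_HEADER];
  if (raw === undefined) {
    return { id: nextLocalId(), source: "generated", rejected: null };
  }
  if (typeof raw === "string" && UUID_RE.test(raw)) {
    return { id: raw.toLowerCase(), source: "client", rejected: null };
  }
  // Contract violation: never reuse the value as the id. Keep a bounded,
  // printable copy so the violation can be logged and traced to a consumer.
  const rejected = String(raw).replace(/[^\x20-\x7e]/g, "?").slice(0, 64);
  return { id: nextLocalId(), source: "generated", rejected };
}

// Shape expected by Fastify's genReqId option, which receives the raw request.
function genReqId(rawReq) {
  return resolveRequestId(rawReq.headers).id;
}

// Wiring (assumes a Fastify version that accepts requestIdHeader: false):
//   const server = Fastify({ requestIdHeader: false, genReqId, logger: true });

// Constructed sample requests: valid, control characters, oversized, absent.
const samples = [
  { headers: { "request-id": "3F2504E0-4F89-41D3-9A0C-0305E82C3301" } },
  { headers: { "request-id": "id-\x1b[31mred" } },
  { headers: { "request-id": "x".repeat(5000) } },
  { headers: {} },
];
function runSamples() {
  return samples.map((req) => resolveRequestId(req.headers));
}
```

Logging the `rejected` field at warn level gives you a record of which consumers are breaking the contract without letting their value become the correlation id.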
```js
const Fastify = require("fastify");

const server = Fastify({
  logger: {
    // Paths are resolved against the logged object, so this matches
    // the { headers: req.headers } object logged in the route below.
    redact: ["headers.authorization"],
    // an object for redact is also supported - see the docs https://getpino.io/#/docs/redaction?id=redaction
    // redact: {
    //   paths: ["headers.authorization"],
    //   remove: true,
    //   censor: "Super Secret!!",
    // },
    level: "info",
  },
});

server.get("/", async (req) => {
  req.log.info(
    { headers: req.headers },
    "Logging request headers for debugging..."
  );
  return { ok: true };
});

server.listen(3000, (err) => {
  // Fail fast if the port could not be bound instead of logging a false "listening" message
  if (err) {
    server.log.error(err);
    process.exit(1);
  }
  server.log.info("Server listening...");
  // console.log used here only to log out a pre-baked curl request for you to make this example easy
  console.log(`
# Try a curl request with sensitive info as the auth header and watch it NOT get logged:
curl http://localhost:3000 -H "Authorization: Bearer my-secret-token-that-will-not-get-logged" -H "X-Will-Get-Logged: This header will still get logged"
`);
});
```