AlinsRan commented on PR #13676:
URL: https://github.com/apache/apisix/pull/13676#issuecomment-4955840892

   Good catch — you're right, and it's worse than "may contain sensitive 
information": the embedding request carries the user's prompt, and some 
providers echo the input back in their error payloads, so the body can contain 
the prompt itself. On top of that it's unbounded and can forge log lines with 
newlines.
   
   Fixed in be76356: the response body is no longer logged at any level. We now 
report only the HTTP status, plus cjson's own parse error when the body is 
malformed — bounded and body-free.
   
   ```lua
   if status ~= 200 then
       if err then
           return nil, "embedding request failed: " .. err
       end
       return nil, "embedding endpoint returned status " .. tostring(status)
   end
   
   local data, derr = core.json.decode(raw_body)
   if type(data) ~= "table" or type(data.data) ~= "table" then
       return nil, "invalid embedding response: " .. (derr or "unexpected 
shape")
   end
   ```
   
   The status is enough to diagnose the common failures (401 bad key, 429 rate 
limit, 400 bad model). Added a regression test: the mock now returns a 500 
whose body echoes the prompt, and the test asserts that string never appears in 
the logs.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to