Don't log requests (#1370)

Fixes #1331

HTTP logging leaks sensitive request information.

This PR removes HTTP request logging during panics.

recovery.go

@@ -51,12 +51,16 @@ func RecoveryWithWriter(out io.Writer) HandlerFunc {
 					}
 				}
 				if logger != nil {
+					stack := stack(3)
 					httprequest, _ := httputil.DumpRequest(c.Request, false)
 					if brokenPipe {
 						logger.Printf("%s\n%s%s", err, string(httprequest), reset)
-					} else {
+					} else if IsDebugging() {
 						logger.Printf("[Recovery] %s panic recovered:\n%s\n%s\n%s%s",
-							timeFormat(time.Now()), string(httprequest), err, stack(3), reset)
+							timeFormat(time.Now()), string(httprequest), err, stack, reset)
+					} else {
+						logger.Printf("[Recovery] %s panic recovered:\n%s\n%s%s",
+							timeFormat(time.Now()), err, stack, reset)
 					}
 				}
 

recovery_test.go

@@ -27,9 +27,19 @@ func TestPanicInHandler(t *testing.T) {
 	w := performRequest(router, "GET", "/recovery")
 	// TEST
 	assert.Equal(t, http.StatusInternalServerError, w.Code)
-	assert.Contains(t, buffer.String(), "GET /recovery")
+	assert.Contains(t, buffer.String(), "panic recovered")
 	assert.Contains(t, buffer.String(), "Oupps, Houston, we have a problem")
 	assert.Contains(t, buffer.String(), "TestPanicInHandler")
+	assert.NotContains(t, buffer.String(), "GET /recovery")
+
+	// Debug mode prints the request
+	SetMode(DebugMode)
+	// RUN
+	w = performRequest(router, "GET", "/recovery")
+	// TEST
+	assert.Equal(t, http.StatusInternalServerError, w.Code)
+	assert.Contains(t, buffer.String(), "GET /recovery")
+
 }
 
 // TestPanicWithAbort assert that panic has been recovered even if context.Abort was used.