DebugProbe · georgidhristov · May 29, 2026 · May 29, 2026
@@ -11,13 +11,6 @@ namespace DebugProbe.AspNetCore.Handlers;
 /// </summary>
 public class DebugProbeHttpClientHandler : DelegatingHandler
 {
-    private static readonly HashSet<string> SensitiveHeaders =
-    [
-        "Authorization",
-        "Cookie",
-        "Set-Cookie"
-    ];
-
     private readonly DebugProbeOptions _options;
 
     private readonly IHttpContextAccessor _httpContextAccessor;
@@ -55,7 +48,7 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
     /// <summary>
     /// Captures outgoing request details and stores them in the active DebugProbe entry.
     /// </summary>
-    private async Task CaptureRequest(HttpRequestMessage request, HttpResponseMessage? response, Exception? exception,long durationMs)
+    private async Task CaptureRequest(HttpRequestMessage request, HttpResponseMessage? response, Exception? exception, long durationMs)
     {
         var context = _httpContextAccessor.HttpContext;
 
@@ -90,9 +83,9 @@ private async Task CaptureRequest(HttpRequestMessage request, HttpResponseMessag
 
             IsSuccessStatusCode = response?.IsSuccessStatusCode ?? false,
 
-            RequestHeaders = request.Headers.ToDictionary(x => x.Key, x => SensitiveHeaders.Contains(x.Key) ? "[REDACTED]" : string.Join(", ", x.Value)),
+            RequestHeaders = request.Headers.ToDictionary(x => x.Key, x => HeaderUtils.RedactIfSensitive(x.Key, string.Join(", ", x.Value))),
 
-            ResponseHeaders = response != null ? response.Headers.ToDictionary(x => x.Key, x => SensitiveHeaders.Contains(x.Key) ? "[REDACTED]" : string.Join(", ", x.Value)) : []
+            ResponseHeaders = response != null ? response.Headers.ToDictionary(x => x.Key, x => HeaderUtils.RedactIfSensitive(x.Key, string.Join(", ", x.Value))) : []
         };
 
         if (request.Content != null)
@@ -103,7 +96,7 @@ private async Task CaptureRequest(HttpRequestMessage request, HttpResponseMessag
             {
                 var body = await request.Content.ReadAsStringAsync();
 
-                outgoing.RequestBody = JsonUtils.Format(HttpContentUtils.Trim(body, _options.MaxBodyCaptureSizeKb * 1024));
+                outgoing.RequestBody = JsonUtils.Format(HttpContentUtils.Trim(body, _options.MaxBodyCaptureSizeBytes));
             }
         }
 
@@ -115,10 +108,10 @@ private async Task CaptureRequest(HttpRequestMessage request, HttpResponseMessag
             {
                 var body = await response.Content.ReadAsStringAsync();
 
-                outgoing.ResponseBody = JsonUtils.Format(HttpContentUtils.Trim(body, _options.MaxBodyCaptureSizeKb * 1024));
+                outgoing.ResponseBody = JsonUtils.Format(HttpContentUtils.Trim(body, _options.MaxBodyCaptureSizeBytes));
             }
         }
 
         entry.OutgoingRequests.Add(outgoing);
     }
-}
+}
@@ -0,0 +1,16 @@
+namespace DebugProbe.AspNetCore.Internal.Utils;
+
+internal static class HeaderUtils
+{
+    private static readonly HashSet<string> SensitiveHeaders = new(StringComparer.OrdinalIgnoreCase)
+    {
+        "Authorization",
+        "Cookie",
+        "Set-Cookie"
+    };
+
+    public static string RedactIfSensitive(string name, string value)
+    {
+        return SensitiveHeaders.Contains(name) ? "[REDACTED]" : value;
+    }
+}
@@ -24,6 +24,6 @@ public static string Trim(string? value, int max = 2000)
             return value ?? string.Empty;
         }
 
-        return value.Length <= max? value : value.Substring(0, max);
+        return value.Length <= max ? value : value[..max];
     }
 }
@@ -36,13 +36,6 @@ public class DebugProbeMiddleware
         "/server-status"
     ];
 
-    private static readonly HashSet<string> SensitiveHeaders = new(StringComparer.OrdinalIgnoreCase)
-    {
-        "Authorization",
-        "Cookie",
-        "Set-Cookie"
-    };
-
     private readonly RequestDelegate _next;
     private readonly DebugProbeOptions _options;
 
@@ -75,7 +68,7 @@ public async Task Invoke(HttpContext context, DebugEntryStore store)
             return;
         }
 
-        var maxBodySize = _options.MaxBodyCaptureSizeKb * 1024;
+        var maxBodySize = _options.MaxBodyCaptureSizeBytes;
 
         var requestBody = await CaptureRequestBodyAsync(context, maxBodySize);
 
@@ -140,7 +133,7 @@ public async Task Invoke(HttpContext context, DebugEntryStore store)
             entry.RequestHeaders =
                 context.Request.Headers.ToDictionary(
                     x => x.Key,
-                    x => SensitiveHeaders.Contains(x.Key) ? "[REDACTED]" : x.Value.ToString());
+                    x => HeaderUtils.RedactIfSensitive(x.Key, x.Value.ToString()));
 
             entry.RequestUrl =
                 $"{context.Request.Scheme}://{context.Request.Host}" +
@@ -150,10 +143,10 @@ public async Task Invoke(HttpContext context, DebugEntryStore store)
 
             entry.ResponseBody = HttpContentUtils.Trim(responseBody, maxBodySize);
 
-            entry.ResponseHeaders = 
+            entry.ResponseHeaders =
                 context.Response.Headers.ToDictionary(
                     x => x.Key,
-                    x => SensitiveHeaders.Contains(x.Key) ? "[REDACTED]" : x.Value.ToString());
+                    x => HeaderUtils.RedactIfSensitive(x.Key, x.Value.ToString()));
 
             store.Add(entry);
         }
@@ -226,8 +219,6 @@ private static bool HasBody(HttpRequest request)
                string.Equals(request.Method, HttpMethods.Patch, StringComparison.OrdinalIgnoreCase);
     }
 
-
-
     private static async Task<byte[]> ReadAtMostAsync(Stream stream, int byteLimit)
     {
         using var buffer = new MemoryStream();

@@ -15,6 +15,8 @@ public class DebugProbeOptions
     /// </summary>
     public int MaxBodyCaptureSizeKb { get; set; } = 32;
 
+    internal int MaxBodyCaptureSizeBytes => MaxBodyCaptureSizeKb * 1024;
+
     /// <summary>
     /// Allows compare requests to local or private network targets.
     /// </summary>