Copilot review (PR #4, commit ea95a0a, src/httpd.erl:154).
The request error path logs unconditionally on every parse error:
    A:E:S ->
        io:format("Caught error: ~p:~p:~p~n", [A, E, S]),
        {send_close, create_error(?BAD_REQUEST, E)}
This is noisy and expensive on embedded targets and violates the AGENTS.md convention ("gate noise behind ?TRACE, not io:format"). A malicious/garbage client can spam serial output.
There is a similar unconditional io:format in src/httpd_env_api_handler.erl:100.
Fix: route these through the ?TRACE macro so they can be compiled out.
Validated against current code: still present.
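An added example of the fix described above, not code from the repository: the same catch clause with the log call routed through a compile-time gated macro. The `ENABLE_TRACE` build flag, the two-argument shape of `?TRACE`, the value of `?BAD_REQUEST`, and the `parse_request/1` and `create_error/2` bodies are assumptions standing in for the project's own definitions.

```erlang
-module(trace_gate_example).
-export([handle/1]).

%% Assumed macro definition; the project's real ?TRACE may use a different
%% build flag or arity. Compile with -DENABLE_TRACE to enable output.
-ifdef(ENABLE_TRACE).
-define(TRACE(Fmt, Args), io:format(Fmt, Args)).
-else.
%% Disabled form: produces no output. The arguments stay referenced so the
%% compiler does not warn about unused variables at the call site.
-define(TRACE(Fmt, Args), begin _ = Fmt, _ = Args, ok end).
-endif.

%% Stand-in value for the status constant used in src/httpd.erl.
-define(BAD_REQUEST, 400).

%% Hypothetical parser: accepts a GET request line, raises on anything else.
parse_request(<<"GET ", _/binary>> = Bin) -> {ok, Bin};
parse_request(_) -> error(bad_request_line).

%% Hypothetical error builder.
create_error(Status, Reason) -> {error, Status, Reason}.

%% Request error path. A garbage packet still gets a 400 and a close, but
%% nothing is written to the console unless tracing was compiled in.
handle(Packet) ->
    try
        {ok, Req} = parse_request(Packet),
        {reply, Req}
    catch
        A:E:S ->
            ?TRACE("Caught error: ~p:~p:~p~n", [A, E, S]),
            {send_close, create_error(?BAD_REQUEST, E)}
    end.
```

With tracing off, `trace_gate_example:handle(<<"garbage">>)` returns `{send_close, {error, 400, bad_request_line}}` and prints nothing.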