From de2968b03dc624a8f068230d9158644b53835fa6 Mon Sep 17 00:00:00 2001
From: Joseph Doherty
Date: Tue, 16 Jun 2026 21:49:43 -0400
Subject: [PATCH] =?UTF-8?q?fix(audit):=20M5.3=20review=20I-1=20=E2=80=94?= =?UTF-8?q?=20use=20the=20request-start=20options=20snapshot=20for=20heade?= =?UTF-8?q?r=20redaction=20(no=20mid-request=20reload=20split)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Middleware/AuditWriteMiddleware.cs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/ZB.MOM.WW.ScadaBridge.InboundAPI/Middleware/AuditWriteMiddleware.cs b/src/ZB.MOM.WW.ScadaBridge.InboundAPI/Middleware/AuditWriteMiddleware.cs
index c608e5f4..13784906 100644
--- a/src/ZB.MOM.WW.ScadaBridge.InboundAPI/Middleware/AuditWriteMiddleware.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.InboundAPI/Middleware/AuditWriteMiddleware.cs
@@ -234,6 +234,7 @@ public sealed class AuditWriteMiddleware
 EmitInboundAudit(
 ctx,
+ opts,
 sw.ElapsedMilliseconds,
 thrown,
 requestBody,
@@ -251,6 +252,7 @@ public sealed class AuditWriteMiddleware
 ///
 private void EmitInboundAudit(
 HttpContext ctx,
+ AuditLogOptions opts,
 long durationMs,
 Exception? thrown,
 string? requestBody,
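Review bot: The new `opts` parameter of EmitInboundAudit has no documentation in the part of the XML doc comment visible in the second hunk, whose last line sits directly above the signature. Because the snapshot passed here now decides which headers are redacted, I would add `/// <param name="opts">Options snapshot captured at request start; drives header redaction so it matches the body-capture decision.</param>`. The method body continues outside the hunk, so it is also worth confirming that no other `_options.CurrentValue` read remains in it.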
@@ -289,10 +291,13 @@ public sealed class AuditWriteMiddleware
 // collection is run through the SAME header-redaction list
 // (AuditLogOptions.HeaderRedactList) that the ScadaBridgeAuditRedactor
 // applies to RequestSummary / ResponseSummary — auth/sensitive
- // headers are redacted before they land in the row.
- var currentOpts = _options.CurrentValue;
+ // headers are redacted before they land in the row. Uses the SAME
+ // options snapshot captured at request start (passed in as opts) as
+ // the SkipBodyCapture / PerTargetOverrides decisions, so a mid-request
+ // live-reload can't split the body-capture and header-redaction
+ // verdicts across two different snapshots.
 var redactSet = new HashSet(
- currentOpts.HeaderRedactList,
+ opts.HeaderRedactList,
 StringComparer.OrdinalIgnoreCase);
 var headerDict = new Dictionary(StringComparer.Ordinal);
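Review bot: Pinning `opts.HeaderRedactList` to the request-start snapshot means a header added to the redact list while a request is in flight is still written unredacted for that request, and the new comment does not say so. I would either record that as accepted with `// NOTE: redact-list changes made mid-request apply only to requests that start after the reload.` or build the set from both snapshots so redaction errs on the safe side. The comment's claim that this is the SAME list the ScadaBridgeAuditRedactor applies holds only if that redactor is given the same snapshot; it is not visible here, and if it reads the options monitor itself the RequestSummary / ResponseSummary redaction can still diverge from this header dictionary. The `HashSet` constructor also throws when the bound list is null, so unless options validation guarantees a value, a null guard on `opts.HeaderRedactList` would keep the audit write from failing. EmitInboundAudit begins and ends outside the hunk.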