From 79a4ca8429710ecc57a316bcf5e53434f81656a5 Mon Sep 17 00:00:00 2001
From: Zac Bergquist
Date: Thu, 26 Dec 2024 09:24:43 -0700
Subject: [PATCH] web: don't log unauthenticated requests for index.html (#50563)

It's super common to see requests for index.html that either have an expired or missing session cookie. Stop logging an error with a long stack trace since there's nothing unusual happening here. This removes the "need auth" or "missing session cookie" noise that often clutters debug logs.
---
 lib/web/apiserver.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
index 9a7a0ac625be8..13a69a502cc6c 100644
--- a/lib/web/apiserver.go
+++ b/lib/web/apiserver.go
@@ -657,10 +657,10 @@ func NewHandler(cfg Config, opts ...HandlerOption) (*APIHandler, error) {
 h.logger.WarnContext(r.Context(), "Failed to generate CSRF token", "error", err)
 }
- session, err := h.authenticateWebSession(w, r)
- if err != nil {
- h.logger.DebugContext(r.Context(), "Could not authenticate", "error", err)
- }
+ // Ignore errors here, as unauthenticated requests for index.html are common - the user might
+ // not have logged in yet, or their session may have expired.
+ // The web app will show them the login page in this case.
+ session, _ := h.authenticateWebSession(w, r)
 session.XCSRF = csrfToken
 httplib.SetNoCacheHeaders(w.Header())
@@ -724,7 +724,7 @@ type webSession struct {
 }
 func (h *Handler) authenticateWebSession(w http.ResponseWriter, r *http.Request) (webSession, error) {
- ctx, err := h.AuthenticateRequest(w, r, false)
+ ctx, err := h.AuthenticateRequest(w, r, false /* validate bearer token */)
 if err != nil {
 return webSession{}, trace.Wrap(err)
 }
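Review bot: `session, _ := h.authenticateWebSession(w, r)` in the first hunk discards every error, not only the missing or expired session case that the new comment describes. If `AuthenticateRequest` can also fail for other reasons (an auth-service or backend error, presumably), those failures now leave no trace even at debug level, which makes a real authentication outage harder to tell apart from ordinary logged-out traffic. Consider keeping the log line for anything that is not the expected case, e.g. `if err != nil && !trace.IsAccessDenied(err) { h.logger.DebugContext(r.Context(), "Could not authenticate", "error", err) }`, assuming the "need auth" and "missing session cookie" errors are returned as access-denied errors. Using `session` after an ignored error is safe here only because the second hunk shows `authenticateWebSession` returning a zero `webSession{}` on failure; the comment could say so with a line such as `// On error, session is the zero webSession (unauthenticated).` The enclosing handler closure in `NewHandler` starts and ends outside the hunk.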