fix: only log if the request has an Origin header (#59920)

2026-03-07 18:01:40 -05:00 · 2025-04-23 22:50:12 +02:00
parent 6ea8c33170
commit db07c718b9
2 changed files with 13 additions and 1 deletions
--- a/api/src/plugins/cors.test.ts
+++ b/api/src/plugins/cors.test.ts
@@ -32,4 +32,16 @@ describe('cors', () => {
      expect(spy).not.toHaveBeenCalled();
    });
  });
+
+  it('should not log if the origin is undefined', async () => {
+    const logger = fastify.log.child({ req: { url: '/api/some-endpoint' } });
+    const spies = LOG_LEVELS.map(level => jest.spyOn(logger, level));
+    await fastify.inject({
+      url: '/api/some-endpoint'
+    });
+
+    spies.forEach(spy => {
+      expect(spy).not.toHaveBeenCalled();
+    });
+  });
 });
--- a/api/src/plugins/cors.ts
+++ b/api/src/plugins/cors.ts
@@ -22,7 +22,7 @@ const cors: FastifyPluginCallback = (fastify, _options, done) => {
      // @fastify/cors instead.
      void reply.header('Access-Control-Allow-Origin', HOME_LOCATION);

-      if (!req.url?.startsWith('/status/')) {
+      if (origin && !req.url?.startsWith('/status/')) {
        logger.info(`Received request from disallowed origin: ${origin}`);
      }
    }