pino-http icon indicating copy to clipboard operation
pino-http copied to clipboard

Published 20 hours ago • verified publisher icon pinojs

Silently fails to log redirected post request by Safari if npm module 'connect-pg-simple' is used with 'express-session'

Open ladekjaer opened this issue 1 year ago • 3 comments

If pino-http is used in an express app that uses npm modules express-session and connect-pg-simple to handle sessions, pino-http fails to log redirected HTTP request made from the Safari web browser. The problem does not occur then using Chrome or curl.

I have produced the following minimal example, that reproduces the problem stated above. Removing the store object from the session configuration, and thereby remove the usage of connect-pg-simple, does solve the problem of missing log entities.

No error message what so ever is given.

import { default as express } from 'express'
import { default as pinoHttp } from 'pino-http'
import { default as session } from 'express-session';
import { default as sessionStore } from 'connect-pg-simple';

import { default as pg } from 'pg';
const Pool = pg.Pool
const pool = new Pool()

const reqLogger = pinoHttp({
	level: 'info',
	enabled: true,
})

const app = express()

app.use(session({
	secret: 'secret',
	name: 'sessionId',
	resave: false,
	rolling: true,
	saveUninitialized: true,
	store: new (sessionStore(session))({
		pool: pool
	}),
	cookie: {
		secure: 'auto',
		maxAge: 30 * 24 * 60 * 60 * 1000
	}
}))

app.use(reqLogger)

app.get('/', (req, res, next) => {
	const html = `
		<form method="POST" action="/">
			<div>
				<label for="floatingInput">Username</label>
				<input name="username" type="text" id="floatingInput">
			</div>
			<div>
				<label for="floatingPassword">Password</label>
				<input name="password" type="password" id="floatingPassword">
			</div>

			<button type="submit">Log in</button>
		</form>`
	res.send(html)
})

app.post('/', (req, res, next) => {
	res.redirect('/')
})

app.listen(8081, () => {
	console.log('Server running')
})

ladekjaer avatar Dec 12 '22 19:12 ladekjaer

I'm not that familiar with express-session, but I guess your problem is that you do not register the middleware as first thing:

const app = express()

app.use(reqLogger)

app.use(session({
	secret: 'secret',
	name: 'sessionId',
	resave: false,
	rolling: true,
	saveUninitialized: true,
	store: new (sessionStore(session))({
		pool: pool
	}),
	cookie: {
		secure: 'auto',
		maxAge: 30 * 24 * 60 * 60 * 1000
	}
}))

mcollina avatar Dec 13 '22 07:12 mcollina

It makes no differens, pino-http still fails to log post request to / if Safari is the requester. If the same request is make with curl or Chrome, the request is being logged.

ladekjaer avatar Dec 13 '22 22:12 ladekjaer

Unfortunately I have no time to debug this. I would be ok to review a PR with a fix if you understand what the problem is.

mcollina avatar Dec 14 '22 08:12 mcollina