pino-http
pino-http copied to clipboard
Silently fails to log redirected post request by Safari if npm module 'connect-pg-simple' is used with 'express-session'
If pino-http is used in an express app that uses npm modules express-session and connect-pg-simple to handle sessions, pino-http fails to log redirected HTTP request made from the Safari web browser. The problem does not occur then using Chrome or curl.
I have produced the following minimal example, that reproduces the problem stated above. Removing the store
object from the session configuration, and thereby remove the usage of connect-pg-simple, does solve the problem of missing log entities.
No error message what so ever is given.
import { default as express } from 'express'
import { default as pinoHttp } from 'pino-http'
import { default as session } from 'express-session';
import { default as sessionStore } from 'connect-pg-simple';
import { default as pg } from 'pg';
const Pool = pg.Pool
const pool = new Pool()
const reqLogger = pinoHttp({
level: 'info',
enabled: true,
})
const app = express()
app.use(session({
secret: 'secret',
name: 'sessionId',
resave: false,
rolling: true,
saveUninitialized: true,
store: new (sessionStore(session))({
pool: pool
}),
cookie: {
secure: 'auto',
maxAge: 30 * 24 * 60 * 60 * 1000
}
}))
app.use(reqLogger)
app.get('/', (req, res, next) => {
const html = `
<form method="POST" action="/">
<div>
<label for="floatingInput">Username</label>
<input name="username" type="text" id="floatingInput">
</div>
<div>
<label for="floatingPassword">Password</label>
<input name="password" type="password" id="floatingPassword">
</div>
<button type="submit">Log in</button>
</form>`
res.send(html)
})
app.post('/', (req, res, next) => {
res.redirect('/')
})
app.listen(8081, () => {
console.log('Server running')
})
I'm not that familiar with express-session, but I guess your problem is that you do not register the middleware as first thing:
const app = express()
app.use(reqLogger)
app.use(session({
secret: 'secret',
name: 'sessionId',
resave: false,
rolling: true,
saveUninitialized: true,
store: new (sessionStore(session))({
pool: pool
}),
cookie: {
secure: 'auto',
maxAge: 30 * 24 * 60 * 60 * 1000
}
}))
It makes no differens, pino-http
still fails to log post request to / if Safari is the requester. If the same request is make with curl
or Chrome, the request is being logged.
Unfortunately I have no time to debug this. I would be ok to review a PR with a fix if you understand what the problem is.