Skip to content

Commit da75bb4

Browse files
committed
Fix: Include HTTP method in authz logs
Fixes: Logs now include the HTTP method for unauthorized API requests. This change enhances the clarity of authorization logs by including the HTTP method (e.g., GET, POST) associated with the denied request. This allows for more precise identification of the attempted action and aids in debugging and security analysis.
1 parent 1c258c6 commit da75bb4

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/runtime/server/utils/authorization.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ export const handleInvalidToken = (event: H3Event, isApiRoute: boolean, isMeEndp
5353
*/
5454
export const handleUnauthorizedRequest = (event: H3Event, user: UserWithoutPassword, isApiRoute: boolean) => {
5555
if (isApiRoute) {
56-
console.warn(`[Nuxt Users] authorization: ${event.path} User ${user.id} with role ${user.role} denied access - API request rejected`)
56+
console.warn(`[Nuxt Users] authorization: ${event.method}: ${event.path} User ${user.id} with role ${user.role} denied access - API request rejected`)
5757
throw createError({ statusCode: 403, statusMessage: 'Forbidden' })
5858
}
5959
// For pages, let client handle redirect

0 commit comments

Comments
 (0)