Logs route path access

elastic · Mar 2, 2023 · bf7a3c3 · bf7a3c3
1 parent 54d6321
commit bf7a3c3
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/packages/core/http/core-http-server-internal/src/http_server.ts b/packages/core/http/core-http-server-internal/src/http_server.ts
@@ -516,6 +516,7 @@ export class HttpServer {
   }
 
   private configureRoute(route: RouterRoute) {
+    const optionsLogger = this.logger.get('http', 'server', this.name, 'options');
     this.log.debug(`registering route handler for [${route.path}]`);
     // Hapi does not allow payload validation to be specified for 'head' or 'get' requests
     const validate = isSafeMethod(route.method) ? undefined : { payload: true };
@@ -526,6 +527,10 @@ export class HttpServer {
       xsrfRequired: route.options.xsrfRequired ?? !isSafeMethod(route.method),
       access: route.options.access ?? (route.path.startsWith('/internal') ? 'internal' : 'public'),
     };
+    // Log HTTP API target consumer. Warning: may log sensitive information on paths including secrets
+    optionsLogger.debug(
+      `kibanaRouteOptions [${kibanaRouteOptions.access}] for path [${route.path}]`
+    );
 
     this.server!.route({
       handler: route.handler,