chore: lower cross-origin block log level

kof · kof · commit 33f3e0c21e0b · 2026-04-29T18:43:10.000Z
diff --git a/apps/builder/app/services/no-cross-origin-cookie.test.ts b/apps/builder/app/services/no-cross-origin-cookie.test.ts
@@ -0,0 +1,30 @@
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { preventCrossOriginCookie } from "./no-cross-origin-cookie";
+
+describe("preventCrossOriginCookie", () => {
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  test("logs blocked cross-origin requests as info", () => {
+    const consoleError = vi
+      .spyOn(console, "error")
+      .mockImplementation(() => {});
+    const consoleInfo = vi.spyOn(console, "info").mockImplementation(() => {});
+    const request = new Request("https://apps.webstudio.is/rest/data", {
+      method: "POST",
+      headers: {
+        cookie: "session=1",
+      },
+    });
+
+    expect(() => preventCrossOriginCookie(request)).toThrow();
+
+    expect(consoleError).not.toHaveBeenCalled();
+    expect(consoleInfo).toHaveBeenCalledWith(
+      "Blocked cross-origin request to https://apps.webstudio.is/rest/data",
+      []
+    );
+    expect(request.headers.has("cookie")).toBe(false);
+  });
+});
diff --git a/apps/builder/app/services/no-cross-origin-cookie.ts b/apps/builder/app/services/no-cross-origin-cookie.ts
@@ -41,7 +41,7 @@ export const preventCrossOriginCookie = (
   }
 
   if (throwError) {
-    console.error(`Cross-origin request to ${request.url} blocked`, [
+    console.info(`Blocked cross-origin request to ${request.url}`, [
       ...request.headers.entries(),
     ]);
 

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ export const preventCrossOriginCookie = (`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`if (throwError) {`
`44`		- console.error(`Cross-origin request to ${request.url} blocked`, [
	`44`	+ console.info(`Blocked cross-origin request to ${request.url}`, [
`45`	`45`	`...request.headers.entries(),`
`46`	`46`	`]);`
`47`	`47`