diff --git a/site/app/Http/FetchMetadata/ResourceIsolationPolicy.php b/site/app/Http/FetchMetadata/ResourceIsolationPolicy.php
index 605aa1ea7..ea3ec145b 100644
--- a/site/app/Http/FetchMetadata/ResourceIsolationPolicy.php
+++ b/site/app/Http/FetchMetadata/ResourceIsolationPolicy.php
@@ -32,7 +32,17 @@ public function install(): void
 $presenter->onStartup[] = function () use ($presenter): void {
 if (!$this->isRequestAllowed($presenter)) {
 if ($this->reportOnly) {
- $message = sprintf('%s %s %s', $this->httpRequest->getMethod(), $presenter->getAction(true), implode(', ', array_keys($presenter->getParameters())));
+ $headers = [];
+ foreach ($this->fetchMetadata->getAllHeaders() as $header => $value) {
+ $headers[] = sprintf('%s: %s', $header, $value ?? '[not sent]');
+ }
+ $message = sprintf(
+ '%s %s; param names: %s; headers: %s',
+ $this->httpRequest->getMethod(),
+ $presenter->getAction(true),
+ implode(', ', array_keys($presenter->getParameters())),
+ implode(', ', $headers),
+ );
 Debugger::log($message, 'cross-site');
 } else {
 $presenter->forward(':Www:Forbidden:', ['message' => 'messages.forbidden.crossSite']);
diff --git a/site/tests/Http/FetchMetadata/ResourceIsolationPolicyTest.phpt b/site/tests/Http/FetchMetadata/ResourceIsolationPolicyTest.phpt
index 5e0a7a0db..a821efb43 100644
--- a/site/tests/Http/FetchMetadata/ResourceIsolationPolicyTest.phpt
+++ b/site/tests/Http/FetchMetadata/ResourceIsolationPolicyTest.phpt
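Review bot: In ResourceIsolationPolicy.php the added `$headers[] = sprintf('%s: %s', $header, $value ?? '[not sent]');` copies client-supplied Sec-Fetch-* values into the `cross-site` log verbatim, with no length cap, no character filtering and no quoting. These headers are only trustworthy when a browser sets them; any other client can send arbitrary content, so a logged value may contain the `, ` separator and read as additional headers, or be the literal text `[not sent]`, which is then indistinguishable from an absent header. I would quote and bound the values that were actually sent, e.g. `$shown = $value === null ? '[not sent]' : '"' . substr(preg_replace('/[^\x20-\x7E]/', '?', $value) ?? '', 0, 64) . '"';` followed by `$headers[] = sprintf('%s: %s', $header, $shown);`, and adjust the expected string in ResourceIsolationPolicyTest to match. Whether the logger behind `Debugger::log()` already neutralises control characters is not visible here, and the `install()` closure starts and ends outside this hunk.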
@@ -68,7 +68,7 @@ class ResourceIsolationPolicyTest extends TestCase
 $this->installPolicy(true);
 $this->httpRequest->setHeader(FetchMetadataHeader::Site->value, 'cross-site');
 $this->callPresenterAction();
- Assert::same(['GET :Www:Homepage:default foo, waldo'], $this->logger->getLogged());
+ Assert::same(['GET :Www:Homepage:default; param names: foo, waldo; headers: Sec-Fetch-Dest: [not sent], Sec-Fetch-Mode: [not sent], Sec-Fetch-Site: cross-site, Sec-Fetch-User: [not sent]'], $this->logger->getLogged());
 Assert::same(IResponse::S200_OK, $this->httpResponse->getCode());
 }