diff --git a/app/vmauth/main.go b/app/vmauth/main.go index bc8cb17e5..5cf685519 100644 --- a/app/vmauth/main.go +++ b/app/vmauth/main.go @@ -105,15 +105,15 @@ func requestHandler(w http.ResponseWriter, r *http.Request) bool { ui := ac[authToken] if ui == nil { invalidAuthTokenRequests.Inc() - err := fmt.Errorf("cannot find the provided auth token %q in config", authToken) if *logInvalidAuthTokens { + err := fmt.Errorf("cannot find the provided auth token %q in config", authToken) err = &httpserver.ErrorWithStatusCode{ Err: err, StatusCode: http.StatusUnauthorized, } httpserver.Errorf(w, r, "%s", err) } else { - http.Error(w, err.Error(), http.StatusUnauthorized) + http.Error(w, "Unauthorized", http.StatusUnauthorized) } return true } diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 34199c2d9..28bf3c714 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -75,6 +75,7 @@ The following tip changes can be tested by building VictoriaMetrics components f * BUGFIX: [vmalert](https://docs.victoriametrics.com/vmalert.html): retry failed read request on the closed connection one more time. This improves rules execution reliability when connection between vmalert and datasource closes unexpectedly. * BUGFIX: [vmalert](https://docs.victoriametrics.com/vmalert.html): properly display an error when using `query` function for templating value of `-external.alert.source` flag. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4181). * BUGFIX: [vmalert](https://docs.victoriametrics.com/vmalert.html): properly return empty slices instead of nil for `/api/v1/rules` and `/api/v1/alerts` API handlers. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4221). +* BUGFIX: [vmauth](https://docs.victoriametrics.com/vmauth.html): do not return invalid auth credentials in http response by default, since it may be logged by client. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4188). * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): fix the display of the tenant selector. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4160). * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): fix UI freeze when the query returns non-histogram series alongside histogram series. * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): fix the text display on buttons in Safari 16.4.