- 🇨🇦Canada deviantintegral
We ran into this as well, as the error came up in a situation where we thought there was a bug in our code. It wasn't clear to any of our developers that this was a normal condition for 403 and 404 responses.
What's challenging about this is that as a site owner, the word "Exception" usually means "something has gone wrong and code needs to be fixed", not "a request returned 403 or 404 but the site is working fine".
This also causes problems with monitoring tools like New Relic, because they will track all exceptions and not automatically ignore these as errors.
As is, the current log message isn't very helpful to users who aren't developers.
Instead of:
Path: /admin/content. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'access content overview' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 118 of /var/www/html/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).
I think a better message would be something like:
The user (name or anonymous) was denied access to (path) as they have not been granted the (permission) permission.
For reference, the logging occurs in
core/lib/Drupal/Core/EventSubscriber/ExceptionLoggingSubscriber.php
. It would be possible to alter or replace this subscriber.Given that many sites will prefer to track 403s or 404s outside, I think it also makes sense for this to be possible to disable entirely. That way, we prevent log spam in Drupal in the case of crawlers hitting many 404s, letting external systems like Google Analytics or web server logs handle tracking those responses.
- 🇺🇸United States greenSkin
We're witnessing these log messages when accessing pages that don't explicitly grant access (i.e., access result is neutral), which seems like a bug to me.
- 🇮🇳India MukhtarM
I don't know the issue is related or not. But i am geting the same log in Drupal commerce, while in the review page of a product checkout as:
Path: /checkout/49/review. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 118 of /code/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).
and
User: Anonymous (not verified)
. I don't get why the user is Anonymous because i am still logged in and i am making the order :) ! - 🇬🇧United Kingdom cebab54
I am getting the same issue with users that are authenticated and until about three weeks ago had access to pages (all with correct permissions to display pages and menu items) but suddenly these pages are now unauthorised to the same users. Other strange permissions issues are showing up in Views that also previously worked fine for Users.
I am at my wits end trying to understand what has happened with the permissions and have checked all permissions and they are correct as designed.
Is this something to do with Drupal Core?
Any suggestions as to how to resolve this would be appreciated.
User 1 can still use the site as designed, just not users!