[server] Tone down unnecessary logging around websocket verifyClient

Author: geropl

components/server/src/express-util.ts

@@ -23,8 +23,7 @@ export const query = (...tuples: [string, string][]) => {
 // Non-Strict: "rely" on subdomain parsing (do we still need this?)
 export const isAllowedWebsocketDomain = (originHeader: string, gitpodHostName: string, strict: boolean): boolean => {
     if (!originHeader) {
-        // TODO(gpl) Can we get rid of this dependency alltogether?
-        log.debug("Origin header check not applied because of empty Origin header!");
+        // Origin header check not applied because of empty Origin header
         return true;
     }
 

components/server/src/server.ts

@@ -175,7 +175,7 @@ export class Server<C extends GitpodClient, S extends GitpodServer> {
                 if (info.req.url === "/v1") {
                     // Connection attempt with Bearer-Token: be less strict for now
                     if (!verifyOrigin(info.origin, false)) {
-                        log.warn("Websocket connection attempt with non-matching Origin header.", {
+                        log.debug("Websocket connection attempt with non-matching Origin header.", {
                             origin: info.origin,
                         });
                         return callback(false, 403);
@@ -197,7 +197,7 @@ export class Server<C extends GitpodClient, S extends GitpodServer> {
                 if (!authenticatedUsingBearerToken) {
                     // Connection attempt with cookie/session based authentication: be strict about where we accept connections from!
                     if (!verifyOrigin(info.origin, true)) {
-                        log.warn("Websocket connection attempt with non-matching Origin header: " + info.origin);
+                        log.debug("Websocket connection attempt with non-matching Origin header: " + info.origin);
                         return callback(false, 403);
                     }
                 }