Todo #6727
open
Apple TouchID/FaceID probes for site icon files that do not exist
Added by Andy Kniveton about 9 years ago.
Updated about 1 month ago.
Plus Target Version:
25.11
Description
I notice this occasionally in my log files after logging in via the web browser :-
Aug 18 19:50:38 pfsense.localdomain nginx: 2016/08/18 19:50:38 [error] 36942#100114: *10595 open() "/usr/local/www/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 172.16.1.20, server: , request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "172.16.1.1"
[2.3.2-RELEASE][admin@pfsense.localdomain]/root: ls /usr/local/www/apple-touch-icon-precomposed.png
ls: /usr/local/www/apple-touch-icon-precomposed.png: No such file or directory
[2.3.2-RELEASE][admin@pfsense.localdomain]/root: ls /usr/local/www/*.png
/usr/local/www/apple-touch-icon.png/usr/local/www/logo.png
/usr/local/www/logo-black.png /usr/local/www/pfs-mini.png
[2.3.2-RELEASE][admin@pfsense.localdomain]/root:
Maybe its just worth doing a symbolic link in the next pfSense build.
Files
I'm on v2.6.0 CE and I just got this error myself. Interesting. Seems like it would be an easy fix.
- File login-page-icons.diff added
- Subject changed from Missing file apple-touch-icon-precomposed.png ? to Apple TouchID/FaceID probes for site icon files that do not exist
- Assignee deleted (
Jared Dillard)
- Start date deleted (
08/18/2016)
After some recent discussion this has come back up, and seems to be narrowed down to using Apple's TouchID or FaceID when logging in. The login page doesn't send the icon metadata, but the GUI does send it after login. Proper browsers wait and respect that, they don't probe for those files indiscriminately. It appears Apple's password manager doesn't work the same way as Safari there.
One potential way to address this is to send the icon metadata in the login page, but I don't have any devices with TouchID or FaceID to test against (which is also why I can't reproduce it).
If that doesn't work, we could maybe copy the icons to the hardcoded paths it's probing, but that's not an ideal solution.
Running the patch and all seems well. Will test in more detail soon.
Fully tested and patch 6855d0f643a33 is confirmed to work with 25.03.b.20250610.1659. No remaining issues or observations - looks like a fix. 👍
☕️
24 hours later and the error returned. No changes so no idea why or why it was over a minute after login.
2025-06-22 10:31:31.000000+01:00 nginx - 2025/06/22 10:31:31 [error] 24#100557: *13201 open() "/usr/local/www/apple-touch-icon.png" failed (2: No such file or directory), client: 2a02:, server: , request: "GET /apple-touch-icon.png HTTP/2.0", host: "router-7.xxxxxxx.me:8443"
2025-06-22 10:31:31.000000+01:00 nginx - 2025/06/22 10:31:31 [error] 24#100557: *13201 open() "/usr/local/www/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 2a02:, server: , request: "GET /apple-touch-icon-precomposed.png HTTP/2.0", host: "router-7.xxxxxxx.me:8443"
2025-06-22 10:30:15.450108+01:00 php-fpm 6810 /index.php: Successful login for user 'admin' from: 2a02: (Local Database)
- File icon-headers.diff icon-headers.diff added
- Status changed from New to In Progress
- Assignee set to Jim Pingle
- Target version changed from Future to 2.9.0
- Plus Target Version set to 25.11
- File deleted (
login-page-icons.diff)
I tested it on a few more devices (CE and Plus) and it seems to be working OK. Good enough to merge in for the next dev builds for wider testing.
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
As far as I can tell with the code currently committed it appears to be OK everywhere by inspecting the headers (even on the CSRF error page), but I would like someone who could reproduce the original problem on macOS/iOS to check and see if they can reproduce it now.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by