Commit 469a0060 authored by Vignesh Mohankumar's avatar Vignesh Mohankumar Committed by GitHub

fix: filter more CSP errors (#6839)

* fix: filter more CSP errors

* fix regex

* fix
parent c673c9e4
...@@ -128,6 +128,18 @@ describe('beforeSend', () => { ...@@ -128,6 +128,18 @@ describe('beforeSend', () => {
expect(beforeSend(ERROR, { originalException })).toBeNull() expect(beforeSend(ERROR, { originalException })).toBeNull()
}) })
it('filters blocked frame errors', () => {
const originalException = new Error(
'Blocked a frame with origin "https://app.uniswap.org" from accessing a cross-origin frame.'
)
expect(beforeSend(ERROR, { originalException })).toBeNull()
})
it('fiters write permission denied errors', () => {
const originalException = new Error('NotAllowedError: Write permission denied.')
expect(beforeSend(ERROR, { originalException })).toBeNull()
})
it('filters CSP unsafe-eval compile/instatiate errors', () => { it('filters CSP unsafe-eval compile/instatiate errors', () => {
const originalException = new Error( const originalException = new Error(
"Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-a..." "Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-a..."
......
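Review bot: The two added cases only assert that a matching message makes beforeSend return null; nothing in this hunk pins the opposite direction, so a later widening of the patterns would silently discard more errors without a test failing. A near-miss case would cover that, for example `expect(beforeSend(ERROR, { originalException: new Error('Blocked a frame') })).not.toBeNull()`, assuming no earlier filter in beforeSend matches such a message, which the hunk does not show. The name of the second case is also misspelled: `'fiters write permission denied errors'` should read `'filters write permission denied errors'`. The enclosing describe block starts and ends outside the hunk.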
...@@ -42,6 +42,7 @@ function updateRequestUrl(event: ErrorEvent) { ...@@ -42,6 +42,7 @@ function updateRequestUrl(event: ErrorEvent) {
} }
} }
// TODO(WEB-2400): Refactor to use a config instead of returning true for each condition.
function shouldRejectError(error: EventHint['originalException']) { function shouldRejectError(error: EventHint['originalException']) {
if (error instanceof Error) { if (error instanceof Error) {
// ethers aggressively polls for block number, and it sometimes fails (whether spuriously or through rate-limiting). // ethers aggressively polls for block number, and it sometimes fails (whether spuriously or through rate-limiting).
...@@ -74,9 +75,9 @@ function shouldRejectError(error: EventHint['originalException']) { ...@@ -74,9 +75,9 @@ function shouldRejectError(error: EventHint['originalException']) {
// Content security policy 'unsafe-eval' errors can be filtered out because there are expected failures. // Content security policy 'unsafe-eval' errors can be filtered out because there are expected failures.
// For example, if a user runs an eval statement in console this error would still get thrown. // For example, if a user runs an eval statement in console this error would still get thrown.
// TODO(WEB-2348): We should extend this to filter out any type of CSP error. // TODO(WEB-2348): We should extend this to filter out any type of CSP error.
if (error.message.match(/'unsafe-eval'.*content security policy/i)) { if (error.message.match(/'unsafe-eval'.*content security policy/i)) return true
return true if (error.message.match(/Blocked a frame with origin ".*" from accessing a cross-origin frame./)) return true
} if (error.message.match(/NotAllowedError: Write permission denied./)) return true
// WebAssembly compilation fails because we do not allow 'unsafe-eval' in our CSP. // WebAssembly compilation fails because we do not allow 'unsafe-eval' in our CSP.
// Any thrown errors are due to 3P extensions/applications, so we do not need to handle them. // Any thrown errors are due to 3P extensions/applications, so we do not need to handle them.
......
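Review bot: The two patterns added after the 'unsafe-eval' check in shouldRejectError carry no comment of their own, and they are looser than the messages they target: the trailing `.` is an unescaped wildcard and `".*"` is greedy and accepts any origin. Every error whose message contains this text is dropped before it is reported, whoever raised it, and cross-origin frame denials or denied write permissions are events one would want to see if first-party or injected code triggered them. A one-line comment above each check should state why the error is expected noise, since the existing comment only explains the 'unsafe-eval' case. The patterns can be tightened at no cost: `if (/Blocked a frame with origin "[^"]*" from accessing a cross-origin frame\./.test(error.message)) return true` and `if (/NotAllowedError: Write permission denied\./.test(error.message)) return true`. The function body starts and ends outside the hunk.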