fix: filter out all `unsafe-eval` csp errors (#6409)

* update match * Update src/tracing/errors.ts Co-authored-by: Zach Pomerantz <zzmp@uniswap.org> * lint * add test ---------

fix: filter out all `unsafe-eval` csp errors (#6409)
* update match * Update src/tracing/errors.ts Co-authored-by: Zach Pomerantz <zzmp@uniswap.org> * lint * add test ---------
fcc6a2d5 · Vignesh Mohankumar · GitHub · 98841c78 · fcc6a2d5 · fcc6a2d5
Commit fcc6a2d5 authored Apr 21, 2023 by Vignesh Mohankumar Committed by GitHub Apr 21, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 10 deletions

errors.test.ts src/tracing/errors.test.ts +19 -5

errors.ts src/tracing/errors.ts +1 -5

No files found.
--- a/src/tracing/errors.test.ts
+++ b/src/tracing/errors.test.ts
@@ -8,6 +8,11 @@ describe('filterKnownErrors', () => {
    expect(filterKnownErrors(ERROR, {})).toBe(ERROR)
  })
+  it('propagates an error with generic text', () => {
+    const originalException = new Error('generic error copy')
+    expect(filterKnownErrors(ERROR, { originalException })).toBe(ERROR)
+  })
  it('filters block number polling errors', () => {
    const originalException = new (class extends Error {
      requestBody = JSON.stringify({ method: 'eth_blockNumber' })
@@ -30,10 +35,19 @@ describe('filterKnownErrors', () => {
    expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
  })
-  it('filters CSP unsafe-eval errors', () => {
+  describe('Content Security Policy', () => {
-    const originalException = new Error(
+    it('filters unsafe-eval evaluate errors', () => {
-      "Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inlin..."
+      const originalException = new Error(
-    )
+        "Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inlin..."
-    expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
+      )
+      expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
+    })
+    it('filters CSP unsafe-eval compile/instatiate errors', () => {
+      const originalException = new Error(
+        "Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-a..."
+      )
+      expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
+    })
  })
 })
--- a/src/tracing/errors.ts
+++ b/src/tracing/errors.ts
@@ -52,11 +52,7 @@ export const filterKnownErrors: Required<ClientOptions>['beforeSend'] = (event:
     * For example, if a user runs an eval statement in console this error would still get thrown.
     * TODO(INFRA-176): We should extend this to filter out any type of CSP error.
     */
-    if (
+    if (error.message.match(/'unsafe-eval'.*content security policy/i)) {
-      error.message.match(
-        /Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive/
-      )
-    ) {
      return null
    }
  }