fix(settings): clarify debug-info session link is internal, not public#60833
Merged
pauldambra merged 6 commits intoJun 1, 2026
Merged
Conversation
The Debug information panel rendered the session replay URL inside a copy-only CodeSnippet, so it was never clickable, and getSessionReplayLink() rewrote the public /replay/ URL into the staff-only http://go/session/ golink that external users cannot resolve. - Gate the http://go/session/ golink rewrite behind a useInternalGolink flag, enabled only for the Zendesk ticket body (read by PostHog staff). The public GitHub debug snippet now uses the externally-resolvable /replay/ URL. - Add a clickable "View this session recording" Link below the debug snippet pointing at the public replay URL. - Make replay URL resolution null-safe so the session line is omitted when no recording is available. Generated-By: PostHog Code Task-Id: 8c0d0d7d-205a-43e4-9bf1-d726cce75be6
Contributor
|
Size Change: 0 B Total Size: 80.9 MB ℹ️ View Unchanged
|
The session replay URL in the Debug information panel records the reporting user's own session into PostHog's internal telemetry project, which the user is not a member of. Making it clickable/public would only send the user to a project they cannot access — the link is for PostHog staff triaging the ticket or GitHub issue. - Keep the staff-only http://go/session/ golink rewrite (revert the public-URL switch and the inert "View this session recording" link added to the panel). - Add null-safety so the Session line is omitted when there is no recording. - Clarify in the panel copy that the session/admin links are internal references the PostHog team uses and won't open for the user. Generated-By: PostHog Code Task-Id: 655f5461-9e65-417f-a7f3-47148a2070d5
posthog
Bot
changed the title
pauldambra
approved these changes
Jun 1, 2026
Contributor
Prompt To Fix All With AIFix the following 1 code review issue. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 1
frontend/src/lib/components/Support/supportLogic.test.ts:1-5
The test casts `posthog.get_session_replay_url` to `jest.Mock` and immediately calls `.mockReset()` / `.mockReturnValue()` on it, but `posthog-js` is never automatically mocked. Without `jest.mock('posthog-js')`, the real posthog library is loaded and `get_session_replay_url` is a plain function — calling `.mockReset()` on it throws `TypeError: mockedGetReplayUrl.mockReset is not a function`, crashing both tests before any assertion is reached. Every comparable test in this repo (e.g. `webAnalyticsLoadTimeLogic.test.ts`, `timeSensitiveAuthenticationLogic.test.ts`) calls `jest.mock('posthog-js')` first.
```suggestion
import posthog from 'posthog-js'
import { OrganizationBasicType, Region, TeamPublicType } from '~/types'
import { getPublicSupportSnippet } from './supportLogic'
jest.mock('posthog-js')
```
Reviews (1): Last reviewed commit: "fix(settings): clarify debug-info sessio..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
The Admin and Billing admin links in the support snippet are staff-only golinks that don't resolve for the reporting user. Label each one "(internal)" so it's clear in the snippet text — including the public GitHub snippet the user sees. Generated-By: PostHog Code Task-Id: 655f5461-9e65-417f-a7f3-47148a2070d5
Reword "they won't open for you" to "they only resolve for PostHog staff" so the panel explains why the internal links are inert rather than reading like the links are broken. Addresses convergent qa-swarm review feedback. Generated-By: PostHog Code Task-Id: 655f5461-9e65-417f-a7f3-47148a2070d5
Contributor
Author
|
Note 🤖 Automated comment by QA Swarm — not written by a human Multi-perspective review: qa-team (frontend/security/perf/reliability/data-integrity/copy), paul-reviewer, xp-reviewer, security-audit Verdict: ✅ APPROVESmall, well-scoped frontend fix. No correctness, security, performance, or data-integrity issues found. The Findings (all non-blocking)
Reviewer summaries
Automated by QA Swarm — not a human review |
Generated-By: PostHog Code Task-Id: 655f5461-9e65-417f-a7f3-47148a2070d5
github-actions
Bot
dismissed
their stale review
New commits pushed (delta classified non_trivial_delta) — stamphog approval dismissed; re-review running automatically.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
All changes are low-risk: label copy clarifications, a defensive null-guard on get_session_replay_url, and matching test coverage. The resolved bot comment about missing jest.mock('posthog-js') is addressed by the project-wide mock in jest.setup.ts, confirmed by reading the file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Users on the project settings page see a session replay URL in the Debug information panel that looks like a link but does nothing when clicked. A signal report captured a user repeatedly clicking it, getting no response, and bouncing.
The original framing was "make it clickable and public." That's the wrong fix:
getSessionReplayLink()resolves the URL viaposthog.get_session_replay_url(...), which records the user's own session into PostHog's internal telemetry project. The reporting user is not a member of that project, so a clickable/replay/<id>link would only send them to a page they cannot access. The whole snippet (session +http://go/adminOrglinks) is an internal triage blob meant to be pasted into a GitHub issue and read by PostHog staff — not a self-service link for the user.Changes
http://go/session/golink rewrite (the snippet is consumed by staff triaging the ticket/GitHub issue). Reverted the earlier public-URL switch and the inert "View this session recording" link.Session:line is omitted when there is no recording available.How did you test this code?
I'm an agent. Updated the unit tests in
frontend/src/lib/components/Support/supportLogic.test.tsto assert the snippet uses the internalhttp://go/session/golink and omits theSession:line when no recording exists. Frontend dependencies were not installed in this environment, so I could not run the Jest suite or type checker locally; I reviewed the diff manually. No manual UI testing.Automatic notifications
Docs update
No docs changes needed.
🤖 Agent context
Authored by PostHog Code (Claude) in response to a P3 signal report about a non-clickable, internal-only session replay URL in the project settings Debug information panel.
The initial automated attempt made the link clickable and "public." That was corrected after maintainer feedback: the session recording lives in PostHog's own telemetry project (the reporting user isn't a member), so no public link would work for the user. The right fix is to keep the link internal/staff-facing and make that explicit in the UI, plus tighten null-safety.
The unrelated
billing.trial?.target as anylines visible in a master diff are branch-vs-master drift, not part of this change.Created with PostHog Code