fix: Uncaught session storage security error handling (#358)

* change custom localStorage to ampLocalStorage to remove confusion * Add error handling for unavailable sessionStorage * Add docs to option
amplitude · Feb 24, 2021 · 560bb05 · 560bb05
1 parent ff56fe4
commit 560bb05
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/src/metadata-storage.js b/src/metadata-storage.js
@@ -7,8 +7,9 @@ import Base64 from './base64';
 import baseCookie from './base-cookie';
 import Constants from './constants';
 import getLocation from './get-location';
-import localStorage from './localstorage';
+import ampLocalStorage from './localstorage';
 import topDomain from './top-domain';
+import utils from './utils';
 
 const storageOptionExists = {
   [Constants.STORAGE_COOKIES]: true,
@@ -94,7 +95,7 @@ class MetadataStorage {
         }
         break;
       case Constants.STORAGE_LOCAL:
-        localStorage.setItem(this.storageKey, value);
+        ampLocalStorage.setItem(this.storageKey, value);
         break;
       case Constants.STORAGE_COOKIES:
         baseCookie.set(this.getCookieStorageKey(), value, {
@@ -113,10 +114,14 @@ class MetadataStorage {
       str = baseCookie.get(this.getCookieStorageKey() + '=');
     }
     if (!str) {
-      str = localStorage.getItem(this.storageKey);
+      str = ampLocalStorage.getItem(this.storageKey);
     }
     if (!str) {
-      str = window.sessionStorage && window.sessionStorage.getItem(this.storageKey);
+      try {
+        str = window.sessionStorage && window.sessionStorage.getItem(this.storageKey);
+      } catch (e) {
+        utils.log.info(`window.sessionStorage unavailable. Reason: "${e}"`);
+      }
     }
 
     if (!str) {

diff --git a/src/options.js b/src/options.js
@@ -44,6 +44,7 @@ if (BUILD_COMPAT_REACT_NATIVE) {
  * @property {boolean} [saveParamsReferrerOncePerSession=`true`] -  If `true`, then includeGclid, includeFbclid, includeReferrer, and includeUtm will only track their respective properties once per session. New values that come in during the middle of the user's session will be ignored. Set to false to always capture new values.
  * @property {boolean} [secureCookie=`false`] -  If `true`, the amplitude cookie will be set with the Secure flag.
  * @property {number} [sessionTimeout=`30*60*1000` (30 min)] -  The time between logged events before a new session starts in milliseconds.
+ * @property {string[]} [storage=`''`] - Sets storage strategy.  Options are 'cookies', 'localStorage', 'sessionStorage', or `none`. Will override `disableCookies` option
  * @property {Object} [trackingOptions=`{ city: true, country: true, carrier: true, device_manufacturer: true, device_model: true, dma: true, ip_address: true, language: true, os_name: true, os_version: true, platform: true, region: true, version_name: true}`] - Type of data associated with a user.
  * @property {boolean} [unsetParamsReferrerOnNewSession=`false`] -  If `false`, the existing `referrer` and `utm_parameter` values will be carried through each new session. If set to `true`, the `referrer` and `utm_parameter` user properties, which include `referrer`, `utm_source`, `utm_medium`, `utm_campaign`, `utm_term`, and `utm_content`, will be set to `null` upon instantiating a new session. Note: This only works if `includeReferrer` or `includeUtm` is set to `true`.
  * @property {string} [unsentKey=`amplitude_unsent`] - localStorage key that stores unsent events.