Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replay: recording fails with CSP errors #318

Closed
Tracked by #319
bruno-garcia opened this issue Feb 10, 2023 · 7 comments
Closed
Tracked by #319

Replay: recording fails with CSP errors #318

bruno-garcia opened this issue Feb 10, 2023 · 7 comments
Labels

Comments

@bruno-garcia
Copy link
Member

The playback seems far from what the user saw.

image

Reproed on iOS 16.0.3

SDK: 7.31.1

@bruno-garcia
Copy link
Member Author

@mhartington shared a work around for stack traces he used in the past that might be useful here:

https://github.com/mhartington/sentry-ng-ionic/blob/cfbf173cb80b89d5e43a14cfb6991741996633dc/src/main.ts#L8-L37

@bruno-garcia
Copy link
Member Author

Possibly issues are related to the options combination: https://docs.sentry.io/platforms/javascript/session-replay/privacy/#privacy-configuration

I believe we shouldn't expose capturing Media. Since we can't fetch that at the time of Replay (those are all localhost resources).

Perhaps with blockAllMedia: true which is default, without allowing customers to change this?

@bruno-garcia
Copy link
Member Author

@mhartington suggested:

We customize the scheme and host name in native to support browser apis that are blocked when not loaded via https

server?: {
    /**
     * Configure the local hostname of the device.
     *
     * It is recommended to keep this as `localhost` as it allows the use of
     * Web APIs that would otherwise require a [secure
     * context](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts)
     * such as
     * [`navigator.geolocation`](https://developer.mozilla.org/en-US/docs/Web/API/Navigator/geolocation)
     * and
     * [`MediaDevices.getUserMedia`](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia).
     *
     * @since 1.0.0
     * @default localhost
     */
    hostname?: string;

    /**
     * Configure the local scheme on iOS.
     *
     * [Can't be set to schemes that the WKWebView already handles, such as http or https](https://developer.apple.com/documentation/webkit/wkwebviewconfiguration/2875766-seturlschemehandler)
     * This can be useful when migrating from
     * [`cordova-plugin-ionic-webview`](https://github.com/ionic-team/cordova-plugin-ionic-webview),
     * where the default scheme on iOS is `ionic`.
     *
     * @since 1.2.0
     * @default capacitor
     */
    iosScheme?: string;

    /**
     * Configure the local scheme on Android.
     *
     * @since 1.2.0
     * @default http
     */
    androidScheme?: string;

See: https://capacitorjs.com/docs/config#schema

@lucas-zimerman lucas-zimerman added bug Something isn't working Effort: Small labels Feb 13, 2023
@lucas-zimerman
Copy link
Collaborator

lucas-zimerman commented Feb 14, 2023

@lucas-zimerman
Copy link
Collaborator

lucas-zimerman commented Feb 14, 2023

One detail that I noticed that's generating CSP errors is that Capacitor adds to the head of the document the following base:
<base href="http://localhost/">

The same can also be replicated if other applications adds the base href as localhost as seen on this sample replay (without using capacitor/ionic):
https://sentry-sdks.sentry.io/replays/sentry-capacitor:37499c8735df470d9545817c6c40208d/?referrer=%2Fdiscover%2F%3AeventSlug%2F&t=7&t_main=console

Perhaps adding a filter to remove such references would decrease the amount of CSP errors.

@github-actions
Copy link
Contributor

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!


"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 6, 2023
@kahest kahest reopened this Jun 6, 2023
@lucas-zimerman
Copy link
Collaborator

I am closing this issue because the CSP errors are no longer happening.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Archived in project
Development

No branches or pull requests

3 participants