Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(browser): Prevent initialization in browser extensions #10844

Merged
merged 4 commits into from
Feb 29, 2024

Conversation

s1gr1d
Copy link
Member

@s1gr1d s1gr1d commented Feb 28, 2024

Prevents initialization inside chrome.* and browser.* extension environments.
Also refactored init() in browser because of eslint warning about too much complexity.
Fixes #10632

@s1gr1d s1gr1d self-assigned this Feb 28, 2024
@s1gr1d s1gr1d requested a review from mydea February 28, 2024 13:57
@s1gr1d s1gr1d changed the title Prevent SDK initialization via Sentry.init in browser extensions feat(browser): Prevent initialization in browser extensions Feb 28, 2024
@s1gr1d s1gr1d force-pushed the sig-prevent-init-in-extension branch from 8e2fa68 to 1b85c6b Compare February 28, 2024 15:30
consoleSandbox(() => {
// eslint-disable-next-line no-console
console.error(
'[Sentry] You cannot run Sentry this way in an extension, check: https://docs.sentry.io/platforms/javascript/troubleshooting/#setting-up-sentry-in-shared-environments-eg-browser-extensions',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
'[Sentry] You cannot run Sentry this way in an extension, check: https://docs.sentry.io/platforms/javascript/troubleshooting/#setting-up-sentry-in-shared-environments-eg-browser-extensions',
'[Sentry] You cannot run Sentry this way in a browser extension, check: https://docs.sentry.io/platforms/javascript/troubleshooting/#setting-up-sentry-in-shared-environments-eg-browser-extensions',

maybe a bit clearer, wording wise? 🤔

it('should log a browser extension error if executed inside a Chrome extension', () => {
const consoleErrorSpy = jest.spyOn(console, 'error').mockImplementation(() => {});

Object.defineProperty(WINDOW, 'chrome', {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would add an afterEach block that resets this back to undefined, to ensure we don't leak this into other tests!

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added this block to reset it and I also added the test for the regular browser environment at last to make sure this fails directly if browser or chrome is still part of the globals.

Copy link
Contributor

github-actions bot commented Feb 28, 2024

size-limit report 📦

Path Size
@sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped) 77.33 KB (+0.21% 🔺)
@sentry/browser (incl. Tracing, Replay) - Webpack (gzipped) 68.58 KB (+0.23% 🔺)
@sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped) 72.49 KB (+0.22% 🔺)
@sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped) 62.13 KB (+0.26% 🔺)
@sentry/browser (incl. Tracing) - Webpack (gzipped) 32.81 KB (+0.49% 🔺)
@sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped) 32.81 KB (+0.49% 🔺)
@sentry/browser (incl. Feedback) - Webpack (gzipped) 30.96 KB (+0.49% 🔺)
@sentry/browser (incl. sendFeedback) - Webpack (gzipped) 30.96 KB (+0.49% 🔺)
@sentry/browser - Webpack (gzipped) 22.23 KB (+0.62% 🔺)
@sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped) 75.73 KB (+0.21% 🔺)
@sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped) 67.41 KB (+0.23% 🔺)
@sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped) 33.25 KB (+0.48% 🔺)
@sentry/browser - ES6 CDN Bundle (gzipped) 24.73 KB (+0.6% 🔺)
@sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed) 211.03 KB (+0.14% 🔺)
@sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed) 99.75 KB (+0.29% 🔺)
@sentry/browser - ES6 CDN Bundle (minified & uncompressed) 73.93 KB (+0.39% 🔺)
@sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped) 36.31 KB (+0.43% 🔺)
@sentry/react (incl. Tracing, Replay) - Webpack (gzipped) 68.85 KB (+0.22% 🔺)
@sentry/react - Webpack (gzipped) 22.26 KB (+0.62% 🔺)
@sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped) 85.33 KB (+0.17% 🔺)
@sentry/nextjs Client - Webpack (gzipped) 49.67 KB (+0.3% 🔺)
@sentry-internal/feedback - Webpack (gzipped) 17.03 KB (0%)

@s1gr1d s1gr1d force-pushed the sig-prevent-init-in-extension branch from 1b85c6b to 6516bc9 Compare February 28, 2024 16:37
@s1gr1d s1gr1d requested a review from mydea February 28, 2024 16:42
Copy link
Member

@mydea mydea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

very nice! Added two more very small nits, but this is good to go from my POV! great work :)

import * as Sentry from '@sentry/browser';

window.Sentry = Sentry;
window.browser = { runtime: { id: 'mock-extension-id' } };
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
window.browser = { runtime: { id: 'mock-extension-id' } };
// We mock this here to simulate a browser extension
window.browser = { runtime: { id: 'mock-extension-id' } };

maybe leave a comment here for our future selves to know why this exists xD

import * as Sentry from '@sentry/browser';

window.Sentry = Sentry;
window.chrome = { runtime: { id: 'mock-extension-id' } };
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
window.chrome = { runtime: { id: 'mock-extension-id' } };
// We mock this here to simulate a browser extension
window.chrome = { runtime: { id: 'mock-extension-id' } };

@s1gr1d s1gr1d force-pushed the sig-prevent-init-in-extension branch from 6516bc9 to 8c5ebc0 Compare February 29, 2024 10:31
@s1gr1d s1gr1d enabled auto-merge (squash) February 29, 2024 12:23
@s1gr1d s1gr1d merged commit 784b485 into develop Feb 29, 2024
93 checks passed
@s1gr1d s1gr1d deleted the sig-prevent-init-in-extension branch February 29, 2024 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Prevent SDK initialization via Sentry.init in Chrome extension
2 participants