
Commit 2be8610

committed
capture basic csp info
1 parent 08cdcc3 commit 2be8610


5 files changed

+31
-5
lines changed


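--- a/src/features/jserrors/instrument/index.js
+++ b/src/features/jserrors/instrument/index.js
@@ -47,6 +47,11 @@ export class Instrument extends InstrumentBase {
 handle('err', [castErrorEvent(errorEvent), now(), false, {}, agentRef.runtime.isRecording], undefined, this.featureName, this.ee)
 }, eventListenerOpts(false, this.removeOnAbort?.signal))
 
+globalScope.addEventListener('securitypolicyviolation', (violationEvent) => {
+if (!this.abortHandler) return
+handle('err', [castErrorEvent(violationEvent), now(), false, { cspViolation: 1 }, agentRef.runtime.isRecording], undefined, this.featureName, this.ee)
+})
+
 this.abortHandler = this.#abort // we also use this as a flag to denote that the feature is active or on and handling errors
 this.importAggregator(agentRef, () => import(/* webpackChunkName: "jserrors-aggregate" */ '../aggregate'))
 }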
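Review bot: The new `securitypolicyviolation` listener is registered without the options argument that the listener directly above it passes, so it is not tied to `this.removeOnAbort?.signal` and stays attached after the feature aborts; the `if (!this.abortHandler) return` guard only turns it into a no-op. Closing the call with `}, eventListenerOpts(false, this.removeOnAbort?.signal))` would keep teardown consistent with that listener. Every violation is also forwarded as an `'err'` event, presumably including report-only policies and violations caused by browser extensions, so it is worth confirming that downstream aggregation dedupes or rate-limits them. The enclosing method starts outside the hunk.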

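--- a/src/features/jserrors/shared/cast-error.js
+++ b/src/features/jserrors/shared/cast-error.js
@@ -70,6 +70,12 @@ export function castErrorEvent (errorEvent) {
 error.name = SyntaxError.name
 return error
 }
+/** SecurityPolicyViolationEvent does not exist in safari workers */
+if (typeof SecurityPolicyViolationEvent !== 'undefined' && errorEvent instanceof SecurityPolicyViolationEvent) {
+const error = new UncaughtError(errorEvent.violatedDirective, errorEvent.sourceFile, errorEvent.lineNumber, errorEvent.columnNumber, undefined, `violation of disposition: "${errorEvent.disposition}" of original policy: "${errorEvent.originalPolicy}"`)
+error.name = 'ContentSecurityPolicyViolation'
+return error
+}
 if (canTrustError(errorEvent.error)) return errorEvent.error
 return castError(errorEvent)
 }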
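Review bot: The cause string built for a `SecurityPolicyViolationEvent` records the disposition and the full `originalPolicy` but not `errorEvent.blockedURI`, so the reported error names the violated directive without the resource that was blocked, which is the first thing needed to triage a violation. Consider appending `blocked URI: "${errorEvent.blockedURI}"` to that template. `sourceFile` and `blockedURI` are URLs that can carry query strings, and `originalPolicy` is repeated in full on every event; whether these values pass through the agent's URL obfuscation or any size limit is not visible in this hunk and should be confirmed. `castErrorEvent` begins above the hunk.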

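--- a/src/features/jserrors/shared/uncaught-error.js
+++ b/src/features/jserrors/shared/uncaught-error.js
@@ -11,12 +11,13 @@ import { stringify } from '../../../common/util/stringify'
 * do not use the Error class (strings, etc) to an object.
 */
 export class UncaughtError {
-constructor (message, filename, lineno, colno, newrelic) {
+constructor (message, filename, lineno, colno, newrelic, cause) {
 this.name = 'UncaughtError'
 this.message = typeof message === 'string' ? message : stringify(message)
 this.sourceURL = filename
 this.line = lineno
 this.column = colno
 this.__newrelic = newrelic
+this.cause = cause
 }
 }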
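Review bot: The constructor's new sixth positional parameter `cause` is undocumented, and a caller has to pass `undefined` for `newrelic` just to reach it. A JSDoc line above the constructor such as `@param {string} [cause] - extra context for the error, e.g. CSP disposition and policy` would make the contract explicit. Whether `this.cause` is serialized or truncated by the aggregate is not visible in this section, so the comment should not promise more than storing the value. The class doc comment begins above the hunk.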

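--- a/tests/assets/csp-violation.html
+++ b/tests/assets/csp-violation.html
@@ -6,15 +6,25 @@
 <html>
 <head>
 <title>RUM Unit Test</title>
-<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline'; connect-src *;">
+<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline'; connect-src *;" />
 {init} {config} {loader}
 </head>
-<body>Instrumented
+<body>
+Instrumented
 <script>
+document.addEventListener("securitypolicyviolation", function (event) {
+console.log("CSP Violation:", event);
+
+// Use event metadata to form a "stack trace"-like string
+const stackTrace = [`Blocked URI: ${event.blockedURI}`, `Violated Directive: ${event.violatedDirective}`, `Source File: ${event.sourceFile}`, `Line: ${event.lineNumber}`, `Column: ${event.columnNumber}`, `Disposition: ${event.disposition}`].join("\n");
+console.log("CSP Violation metadata as stack trace:\n" + stackTrace);
+});
+
 // This script will trigger a CSP violation
-var script = document.createElement('script');
-script.src = 'https://example.com';
+var script = document.createElement("script");
+script.src = "https://example.com";
 document.body.appendChild(script);
 </script>
+<script src="./js/csp.js"></script>
 </body>
 </html>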

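--- a/tests/assets/js/csp.js
+++ b/tests/assets/js/csp.js
@@ -0,0 +1,4 @@
+// This script will trigger a CSP violation
+var script = document.createElement('script')
+script.src = 'https://example.com'
+document.body.appendChild(script)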
