💥 [RUMF-1473] Ignore untrusted event #2308

Merged
merged 10 commits into from
Jul 3, 2023

Conversation

amortemousque
Collaborator

@amortemousque amortemousque commented Jun 27, 2023

Motivation

Untrusted events (event.isTrusted: false) are arbitrarily crafted by the application: some properties expected by the SDK might be missing or might not reflect legitimate data. Therefore, untrusted events are now ignored.

It's important to note that:

  • some data may not be collected anymore, some behaviour may not be taken into account
  • for untrusted events to be collected by the browser SDK, add event.__ddIsTrusted: true

Changes

Ignore untrusted events

Testing

  • Local
  • Staging
  • Unit
  • End to end

I have gone over the contributing documentation.
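The filtering described in this PR, as an added sketch that is not the SDK's own code: a listener wrapper that drops events unless the browser marked them trusted or the application opted in with `__ddIsTrusted`. The function names and signatures are hypothetical, and the handling of `allowUntrustedEvents` (a parameter named in a later commit on this page) is an assumption about its meaning.

```javascript
// Added illustration, not the SDK's implementation.
// Hypothetical names: isEventAllowed, addFilteredEventListener.

// Decide whether an event may reach the instrumentation listener.
function isEventAllowed(event, configuration = {}) {
  // Assumed semantics of the later allowUntrustedEvents option: accept everything.
  if (configuration.allowUntrustedEvents) return true
  // event.isTrusted is set by the browser and is true only for events
  // generated by the user agent, never for script-dispatched ones.
  // __ddIsTrusted is the explicit opt-in from the PR description. Any script
  // that can dispatch an event can also set it, so it is an application
  // opt-in for synthetic events, not a security boundary.
  return event.isTrusted === true || event.__ddIsTrusted === true
}

// Register a listener that silently ignores disallowed events.
function addFilteredEventListener(configuration, target, type, listener, options) {
  const wrapped = (event) => {
    if (!isEventAllowed(event, configuration)) return
    listener(event)
  }
  target.addEventListener(type, wrapped, options)
  return { stop: () => target.removeEventListener(type, wrapped, options) }
}

// Constructed demo: script-created events always have isTrusted === false.
function runDemo() {
  const target = new EventTarget()
  const seen = []
  const { stop } = addFilteredEventListener({}, target, 'click', (e) => seen.push(e.label))

  const synthetic = new Event('click')
  synthetic.label = 'synthetic'
  target.dispatchEvent(synthetic) // dropped: untrusted, no opt-in

  const optedIn = new Event('click')
  optedIn.label = 'opted-in'
  optedIn.__ddIsTrusted = true
  target.dispatchEvent(optedIn) // delivered: explicit opt-in

  stop()
  const afterStop = new Event('click')
  afterStop.label = 'after-stop'
  afterStop.__ddIsTrusted = true
  target.dispatchEvent(afterStop) // not delivered: listener removed

  return seen
}
```

The strict `=== true` comparison means an event whose flag is `undefined`, as in the test discussed in the review thread below, is treated as untrusted.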

@amortemousque amortemousque changed the title Ignore untrusted event 🐛 [RUMF-1473] Ignore untrusted event Jun 27, 2023
@amortemousque amortemousque force-pushed the aymeric/v5-ignore-untrusted-event branch from 1b70723 to c1ae25d Compare June 29, 2023 09:15
@amortemousque amortemousque force-pushed the aymeric/v5-ignore-untrusted-event branch from 8bbb267 to a0847f4 Compare June 29, 2023 09:21
@amortemousque amortemousque marked this pull request as ready for review June 29, 2023 09:23
@amortemousque amortemousque requested review from a team as code owners June 29, 2023 09:23
@codecov-commenter

codecov-commenter commented Jun 29, 2023

Codecov Report

Merging #2308 (6f042de) into prerelease-v5 (ec62075) will increase coverage by 0.08%.
The diff coverage is 100.00%.

@@                Coverage Diff                @@
##           prerelease-v5    #2308      +/-   ##
=================================================
+ Coverage          94.18%   94.27%   +0.08%     
=================================================
  Files                206      206              
  Lines               6038     6074      +36     
  Branches            1318     1318              
=================================================
+ Hits                5687     5726      +39     
+ Misses               351      348       -3     
Impacted Files Coverage Δ
packages/core/src/browser/addEventListener.ts 100.00% <100.00%> (ø)
packages/core/src/tools/getGlobalObject.ts 20.00% <100.00%> (ø)
packages/core/src/tools/timer.ts 100.00% <100.00%> (ø)
packages/core/test/emulate/createNewEvent.ts 81.81% <100.00%> (+1.81%) ⬆️
packages/core/test/emulate/stubReportApis.ts 93.75% <100.00%> (ø)
packages/core/test/requests.ts 93.71% <100.00%> (ø)
...s/rum-core/src/domain/contexts/pageStateHistory.ts 100.00% <100.00%> (+6.52%) ⬆️
packages/rum/test/mockWorker.ts 98.59% <100.00%> (+0.02%) ⬆️


@amortemousque amortemousque changed the title 🐛 [RUMF-1473] Ignore untrusted event 💥 [RUMF-1473] Ignore untrusted event Jun 30, 2023
@amortemousque amortemousque force-pushed the aymeric/v5-ignore-untrusted-event branch from 6562f01 to 53ed383 Compare June 30, 2023 10:18
@amortemousque amortemousque force-pushed the aymeric/v5-ignore-untrusted-event branch from 5a8256a to 6f042de Compare July 3, 2023 09:00
const eventTarget = document.createElement('div')
addEventListener(eventTarget, DOM_EVENT.CLICK, listener)

const event = createNewEvent(DOM_EVENT.CLICK, { __ddIsTrusted: undefined })
Contributor

💬 suggestion:

Suggested change
const event = createNewEvent(DOM_EVENT.CLICK, { __ddIsTrusted: undefined })
const event = createNewEvent(DOM_EVENT.CLICK)

or is it needed for some reason?

Collaborator Author

Yes, it is, because by default createNewEvent sets __ddIsTrusted to true

@amortemousque amortemousque merged commit 682d40b into prerelease-v5 Jul 3, 2023
@amortemousque amortemousque deleted the aymeric/v5-ignore-untrusted-event branch July 3, 2023 13:40
bcaudan added a commit that referenced this pull request Jul 6, 2023
…nto staging-27

 pm_trace_id: 17523917
 feature_branch_pipeline_id: 17523917
 source: to-staging

* commit '11385ba83689c56a29da7f94922036d5a5a4487c':
  fix
  v5.0.0-alpha.0
  💥 [RUMF-1577] Stop collecting foreground periods (#2311)
  💥 [RUMF-1473] Ignore untrusted event (#2308)
  💥[RUMF-1564] remove intake subdomains (#2309)
  💥 beforeSend domain context: use PerformanceEntry (#2300)
  💥 Typings: consistent beforeSend return type (#2303)
  💥[RUMF-1230] Only apply main logger configuration to its own logs (#2298)
  💥[RUMF-1229] Logs: remove `error.origin` attribute (#2294)
  💥[RUMF-1228] Remove console error message prefix (#2289)
  💥 [RUMF-1555] Rework logger context APIs (#2285)
  💥[RUMF-1152] sanitize resource method names (#2288)
  🔥 [RUMF-1555] Remove `startTime` in xhr start context (#2287)
  💥 [RUMF-1555] Remove `event` in action domain context (#2286)
  ♻️ Remove deprecated context manager APIs (#2284)
  💥 [RUMF-1589] automatically start recording (#2275)
  🐛 [RUMF-1499] Don't send duration for resources crossing a page frozen state (#2271)
  💥 [RUMF-1588] Update default session replay behaviour (#2257)
  💥 [RUMF-1587] Remove `premiumSampleRate` and `replaySampleRate` (#2256)
  💥 [RUMF-1554] Drop some deprecated public APIs (#2241)
  💥[RUMF-1554] Drop some deprecated config parameters (#2238)
  💥 Promote track frustration as default action behaviour (#2232)
amortemousque added a commit that referenced this pull request Sep 19, 2023
 pm_trace_id: 20186620
 feature_branch_pipeline_id: 20186620
 source: to-staging

* commit 'f69f12e544b6325b6a4977a2ffb9d66e8dd8a394':
  👷 fix merge
  ✨ [RUM-255] add allowUntrustedEvents config parameter (#2347)
  💥 [RUMF-1597] Drop `plan` and send `sampled_for_replay` (#2293)
  v5.0.0-alpha.0 (#2321)
  💥 [RUMF-1577] Stop collecting foreground periods (#2311)
  💥 [RUMF-1473] Ignore untrusted event (#2308)
  💥[RUMF-1564] remove intake subdomains (#2309)
  💥 beforeSend domain context: use PerformanceEntry (#2300)
  💥 Typings: consistent beforeSend return type (#2303)
  💥[RUMF-1230] Only apply main logger configuration to its own logs (#2298)
  💥[RUMF-1229] Logs: remove `error.origin` attribute (#2294)
  💥[RUMF-1228] Remove console error message prefix (#2289)
  💥 [RUMF-1555] Rework logger context APIs (#2285)
  💥[RUMF-1152] sanitize resource method names (#2288)
  🔥 [RUMF-1555] Remove `startTime` in xhr start context (#2287)
  💥 [RUMF-1555] Remove `event` in action domain context (#2286)
  ♻️ Remove deprecated context manager APIs (#2284)
  💥 [RUMF-1589] automatically start recording (#2275)
  🐛 [RUMF-1499] Don't send duration for resources crossing a page frozen state (#2271)
  💥 [RUMF-1588] Update default session replay behaviour (#2257)
  💥 [RUMF-1587] Remove `premiumSampleRate` and `replaySampleRate` (#2256)
  💥 [RUMF-1554] Drop some deprecated public APIs (#2241)
  💥[RUMF-1554] Drop some deprecated config parameters (#2238)
  💥 Promote track frustration as default action behaviour (#2232)
bcaudan added a commit that referenced this pull request Oct 9, 2023
 pm_trace_id: 21159925
 feature_branch_pipeline_id: 21159925
 source: to-staging

* commit '1a45207eb54828a9ae04a48d773416ec3d6d7e38':
  🐛 bridge action e2e: wait for click chain timeout (#2460)
  v4.50.1 (#2459)
  ✨ [RUM-1210] Add W3C tracecontext to default propagator types (#2443)
  Update lock file
  👷 fix merge
  ✨ [RUM-255] add allowUntrustedEvents config parameter (#2347)
  💥 [RUMF-1597] Drop `plan` and send `sampled_for_replay` (#2293)
  v5.0.0-alpha.0 (#2321)
  💥 [RUMF-1577] Stop collecting foreground periods (#2311)
  💥 [RUMF-1473] Ignore untrusted event (#2308)
  💥[RUMF-1564] remove intake subdomains (#2309)
  💥 beforeSend domain context: use PerformanceEntry (#2300)
  💥 Typings: consistent beforeSend return type (#2303)
  💥[RUMF-1230] Only apply main logger configuration to its own logs (#2298)
  💥[RUMF-1229] Logs: remove `error.origin` attribute (#2294)
  💥[RUMF-1228] Remove console error message prefix (#2289)
  💥 [RUMF-1555] Rework logger context APIs (#2285)
  💥[RUMF-1152] sanitize resource method names (#2288)
  🔥 [RUMF-1555] Remove `startTime` in xhr start context (#2287)
  💥 [RUMF-1555] Remove `event` in action domain context (#2286)
  ♻️ Remove deprecated context manager APIs (#2284)
  💥 [RUMF-1589] automatically start recording (#2275)
  🐛 [RUMF-1499] Don't send duration for resources crossing a page frozen state (#2271)
  💥 [RUMF-1588] Update default session replay behaviour (#2257)
  💥 [RUMF-1587] Remove `premiumSampleRate` and `replaySampleRate` (#2256)
  💥 [RUMF-1554] Drop some deprecated public APIs (#2241)
  💥[RUMF-1554] Drop some deprecated config parameters (#2238)
  💥 Promote track frustration as default action behaviour (#2232)
bcaudan added a commit that referenced this pull request Oct 9, 2023
* 💥 Promote track frustration as default action behaviour (#2232)

* 💥[RUMF-1554] Drop some deprecated config parameters (#2238)

* 💥 drop proxyUrl

* 💥 drop sampleRate

* 💥 drop allowedTracingOrigins

* 💥 drop tracingSampleRate

* 💥 drop trackInteractions

* 👌 typo

Co-authored-by: Yannick Adam <[email protected]>

* 👌remove outdated comment

---------

Co-authored-by: Yannick Adam <[email protected]>

* 💥 [RUMF-1554] Drop some deprecated public APIs (#2241)

* 💥 Drop removeUser

* 💥 Drop (Rum|Logger)GlobalContext APIs

* 💥 [RUMF-1587] Remove `premiumSampleRate` and `replaySampleRate` (#2256)

* 🔥 [RUMF-1587] Remove `premiumSampleRate` and `replaySampleRate`

* 👌 wording

Co-authored-by: Aymeric <[email protected]>

* 👌use trackResources/LongTasks directly from configuration

* 👌remove useless config copy

---------

Co-authored-by: Aymeric <[email protected]>

* 💥 [RUMF-1588] Update default session replay behaviour (#2257)

* 💥 update default sessionReplaySampleRate

* 💥 update default defaultPrivacyLevel

* tweak obfuscation scenarios

* 🐛 [RUMF-1499] Don't send duration for resources crossing a page frozen state (#2271)

* 💥 [RUMF-1589] automatically start recording (#2275)

* ♻️ buffer start/stop recorder API calls before init

* ✨add option to opt out of automatic recording

* 💥automatically start recording by default

* ♻️ cleanup scenarios using replay

* 👌fix test description

* ♻️ Remove deprecated context manager APIs (#2284)

* 💥 [RUMF-1555] Remove `event` in action domain context (#2286)

* 🔥 [RUMF-1555] Remove `startTime` in xhr start context (#2287)

* 💥[RUMF-1152] sanitize resource method names (#2288)

* 💥 [RUMF-1555] Rework logger context APIs (#2285)

* 💥[RUMF-1228] Remove console error message prefix (#2289)

* 💥[RUMF-1229] Logs: remove `error.origin` attribute (#2294)

* Improve types

* Remove error.origin

* 👌add test for all statuses/apis

* 👌remove console override

* 💥[RUMF-1230] Only apply main logger configuration to its own logs (#2298)

* 💥 add main logger context only to main logger logs

* 💥 apply main logger level only to main logger logs

* ♻️ merge logger context with message context in logger collection

* 💥 Typings: consistent beforeSend return type (#2303)

* 💥 beforeSend domain context: use PerformanceEntry (#2300)

* 💥[RUMF-1564] remove intake subdomains (#2309)

* 💥 [RUMF-1473] Ignore untrusted event (#2308)

* 💥 [RUMF-1577] Stop collecting foreground periods (#2311)

* v5.0.0-alpha.0 (#2321)

* 💥 [RUMF-1597] Drop `plan` and send `sampled_for_replay` (#2293)

* 🔥remove session plan

* ✨send `session.sampled_for_replay`

* 👷update sandbox

no need to start replay anymore

* ✨ [RUM-255] add allowUntrustedEvents config parameter (#2347)

* ♻️ remove track(Resources|LongTasks) from core configuration

* ✨add allowUntrustedEvents config param

* ✨addEventListener: take configuration.allowUntrustedEvents into account

* ♻️ propagate signature change

* update rum-events-format

* 👷 fix merge

* Update lock file

* ✨ [RUM-1210] Add W3C tracecontext to default propagator types (#2443)

* Ensure both Datadog and Tracecontext headers are present by default

* 🐛 bridge action e2e: wait for click chain timeout (#2460)

consistent failure on this test on firefox since the action behaviour update

---------

Co-authored-by: Yannick Adam <[email protected]>
Co-authored-by: Aymeric <[email protected]>
Co-authored-by: Aymeric <[email protected]>
4 participants