✨ [RUM-162] Truncate resources URL containing data URLs

[cy-moi]

Motivation

We're currently collecting the full url data of resources using data: based resource.url .
This is highly inefficient for the ingestion and indexing side and may contain sensitive informations. This data is always truncated to 24k characters when being indexed, which would result in partial images.
In this case, we want to truncate the partial data till only keep the useful information (MIME type, encodings).

Changes

We truncate data:url to the embedding codec when they exceeds 24k
Examples

Edit (Added truncate indicator [...])

Testing

• Local
• Staging
• Unit
• End to end

---

I have gone over the contributing documentation.

[cit-pr-commenter]

Bundles Sizes Evolution

📦 Bundle Name	Base Size	Local Size	𝚫	𝚫%	Status
Rum	156.48 KiB	156.64 KiB	160 B	+0.10%	✅
Logs	55.34 KiB	55.34 KiB	0 B	0.00%	✅
Rum Slim	102.98 KiB	103.18 KiB	208 B	+0.20%	✅
Worker	25.21 KiB	25.21 KiB	0 B	0.00%	✅

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 92.85714% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 93.36%. Comparing base (61258c1) to head (3f1f4c4).
Report is 10 commits behind head on main.

Files	Patch %	Lines
...ages/rum-core/src/domain/resource/resourceUtils.ts	90.90%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2690      +/-   ##
==========================================
- Coverage   93.36%   93.36%   -0.01%     
==========================================
  Files         240      240              
  Lines        6981     6992      +11     
  Branches     1539     1542       +3     
==========================================
+ Hits         6518     6528      +10     
- Misses        463      464       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[cy-moi]

/to-staging

[dd-devflow]

🚂 Branch Integration: starting soon, merge in < 10m

Commit 477629a771 will soon be integrated into staging-14.

This build is going to start soon! (estimated merge in less than 10m)

Use /to-staging -c to cancel this operation!

[dd-devflow]

🚂 Branch Integration: This commit was successfully integrated

Commit 477629a771 has been merged into staging-14 in merge commit 8ca824d45b.

Check out the triggered pipeline on Gitlab 🦊

[amortemousque]

❓ question: ‏You are truncating all data:url not only the one above a MAX_ATTRIBUTE_VALUE_CHAR_LENGTH. Is it intended? If yes, could it have an impact on Replay?

[cy-moi]

Yes, it was intended. But then indeed the truncation would prevent some allowed data to show up properly. So fixing on this right now.

[cy-moi]

I've added the length check back to the recorder as well as for the resource url.

[cy-moi]

/to-staging

[dd-devflow]

🚂 Branch Integration: starting soon, merge in < 0s

Commit 9b3336f9e3 will soon be integrated into staging-15.

This build is going to start soon! (estimated merge in less than 0s)

Use /to-staging -c to cancel this operation!

[dd-devflow]

🚨 Branch Integration: The build pipeline contains failing jobs for this merge request

We couldn't automatically merge the commit 9b3336f9e3 into staging-15.
Build pipeline has failing jobs for 151b347

Since those jobs are not marked as being allowed to fail, the pipeline will most likely fail.
Therefore, and to allow other builds to be processed, this merge request has been rejected before the end of the pipeline.

You should have a look at the pipeline, wait for the build to finish and investigate the failures.
When you are ready, re-add your pull request to the queue!

⚠️ Do NOT retry failed jobs directly.

They were executed on a temporary branch created by the merge queue. If you retry them, they are going to fail because the branch no longer exists.

If you think the errors come from a logical conflict with the target branch, you can create a fix by commenting this pull request with /create-fix-branch -b staging-15

Details

List of failed jobs:

• check-staging-merge

Go to failed Gitlab pipeline.

If you need support, contact us on Slack #devflow with those details!

[cy-moi]

/create-fix-branch -b staging-15

[dd-devflow]

🚂 Devflow: /create-fix-branch -b staging-15

Created fix branch fix-merge-9b3336f9e3-into-staging-15 - #2698

[dd-devflow]

🚂 Branch Integration: starting soon, merge in < 0s

Commit 9b3336f9e3 will soon be integrated into staging-15.

This build is going to start soon! (estimated merge in less than 0s)

[dd-devflow]

🚂 Branch Integration

Commit 9b3336f9e3 has been merged into staging-15 in merge commit 2f8877703d.

Check out the triggered pipeline on Gitlab 🦊

[thomas-lebeau]

💬 suggestion: ‏ this function name suggests it's taking a data URL as an input and check if it's too long, while what it is actually doing is taking a string as en input check if it's a data URL and if it's long.

I propose to either:

• rename to something like isLongDataUrl (I think the too is not adding much value)
• split the function in two such as isAboveLimit and isDataUrl

[cy-moi]

Thanks! I searched the codebase and it seems like we are only using this limit length for data URL, hence making it into separate functions feels redundant. But the naming is indeed not accurate. I have renamed it to isLongDataUrl.

[amortemousque]

Shouldn't we also truncate the url coming from performance resource entries?

browser-sdk/packages/rum-core/src/domain/resource/resourceCollection.ts

Line 146 in 160d5fe

url: entry.name,

[cy-moi]

Notes on our slack discussion, we found that here it says:

If an HTML IMG element has a data: URI as its source [RFC2397], then this resource will not be included as a PerformanceResourceTiming object in the Performance Timeline. By definition data: URI contains embedded data and does not require a fetch.

So we do not sanitize data url in this case.

[amortemousque]

💬 suggestion:
It could be nice to have something indicating that it the url has been truncated like data:[<mediatype>] [...] (the same way we do for action names)

[cy-moi]

I've added the [...] as in action names to indicate the truncation.