esm.sh Whitelisting broken? - Failed to import

Whitelisting broken? - Failed to import - @sentry/astro

Open Johannes-Andersen opened this issue 7 months ago • 3 comments

Failing module

GitHub: https://github.com/getsentry/sentry-javascript
npm: https://www.npmjs.com/package/@sentry/astro

import Sentry from "https://www.vg.no/esm/@sentry/[email protected]?target=es2020"

Error message

Package import: https://www.vg.no/esm/@sentry/[email protected]?target=es2020

Resolves this:

/* esm.sh - @sentry/[email protected] */
import "/esm/esm/v135/@sentry/[email protected]/es2020/browser.mjs";
import "/esm/esm/v135/@sentry/[email protected]/es2020/core.mjs";
export * from "/esm/v135/@sentry/[email protected]/es2020/astro.mjs";

When the browser then tries to resolve those URLS, it fails (those with esm/esm)

Responds with 403 forbidden: https://www.vg.no/esm/esm/v135/@sentry/[email protected]/es2020/browser.mjs

Allow list is: Screenshot 2024-07-26 at 17 37 03

Is this check failing due to not extracting the package name/scope correctly? Only happens for URLs that has the double esm/esm https://github.com/esm-dev/esm.sh/blob/72fb460530047e34fa5509b98b3f166732bfa53c/server/router.go#L565

Additional info

esm.sh version: v135_3
Browser version: Any

Jul 26 '24 15:07 Johannes-Andersen

esm.sh esm.sh copied to clipboard

Whitelisting broken? - Failed to import - @sentry/astro

Failing module

Error message

Additional info

esm.sh
esm.sh copied to clipboard