Julien Wajsberg

Also, I don't know vscode addon programming, but I'm surprised that an iframe loaded from vscode is restricted by the CSP.

Wondering, would it be possible for an extension to open a top level navigation page instead of opening in an iframe? > > It would be good to limit it...

> I don't think it would be possible to limit only to one endpoint easily. I think it's possible actually, it would be good to try.

In my mind, we'll allow embedding only when requests come for /from-post-message, not all the other endpoints. Tell me if I'm missing something :-)

hey @canova, how do you feel about this change? I think the benefits outweight the risks, but it might be good to ask our security team for their prospective.

Ah right the message isn't great in this case. It's super easy to change at https://github.com/firefox-devtools/profiler/blob/3377d1aa75a00fe1dfed3566daa2d8131b19da19/src/components/app/ProfileLoaderAnimation.js#L23 And add a string in https://github.com/firefox-devtools/profiler/blob/3377d1aa75a00fe1dfed3566daa2d8131b19da19/locales/en-US/app.ftl#L730-L736 (not the other locale files please) This makes...

Maybe that's what "c++ only" should really do. Is the current behavior of "c++ only" actually useful ?

Does the activity graph answer this question? If it's yellow at the top of the graph, it means we're doing JS. Is that good enough?

To fix the initial description, it would be straightforward to update the code in https://github.com/firefox-devtools/profiler/blob/469bf5c6d42e49d94353d718b079c3d0dfad7adc/src/components/app/AppViewRouter.js#L121 Where the boolean could be something such as `dataSource === 'from-file'` for example. You could...

Ah it's interesting! By chance do you have a profile example you can share where the issue happens? Does that happen everytime with this profile? It would make the issue...