rollbar.js icon indicating copy to clipboard operation
rollbar.js copied to clipboard
verified publisher icon rollbar

Firefox - Extensions with errors attempt to call Rollbar on page

Open azamatsmith opened this issue 5 years ago • 4 comments

I'm not sure if there is anything that can be done on in the SDK but I wanted to raise awareness in case something can be done.

Error

[Rollbar]: Internal error Error: "Permission denied to access property "_rollbarOldOnError""

What I think is happening

An extension has a JavaScript error and somehow tries to call Rollbar. Firefox issues a warning saying that an extension cannot access Rollbar.

Steps to replicate

  • Install the Code Climate extension for Firefox: https://docs.codeclimate.com/docs/browser-extension#section-firefox
  • Go to any site that uses Rollbar: https://rollbar.com https://circleci.com and check the errors in the console.

Other details

  • Marketing site issue: https://github.com/rollbar/rollbar-website/issues/1610

azamatsmith avatar Mar 23 '20 18:03 azamatsmith

I have also ran into this. To be clear, this crashes the page. At least for app.circleci.com, the result is a white page and the error mentioned above is in the console.

I did a little digging and for some reason, window.onerrror is Restricted { }. I've tried a lot of things (e.g. the ignoreUrls option) but the only solution is to not call Sentry.init. Unfortunately, there's no way to detect when this will fail in advance (e.g. detect rollbar), so I have to manually compare window.location.href to known broken URLs and skip initializing Sentry. OK technically it might be possible to detect rollbar in some cases (window.rollbar) if we wait until the page and assets are loaded, but it's not acceptable to wait, especially when using Sentry.wrap.

This needs an SDK fix.

Side note, @azamatsmith, that rollbar-website issue doesn't exist anymore. I wonder has it moved.

adam-lynch avatar Aug 06 '21 11:08 adam-lynch

@adam-lynch What is the SDK fix you are recommending?

waltjones avatar Aug 06 '21 11:08 waltjones

@waltjones thanks for the quick reply.

Ah sorry what I wrote didn't really make sense, I got mixed up. My extension uses Sentry and it's the combination of both that kills the page. So maybe it's not the exact same case as the original issue. The error is the same; the rollbar SDK fails at https://github.com/rollbar/rollbar.js/blob/a9c567cd1886f177fa4719a0054bff8280928fce/src/browser/globalSetup.js#L8-L9

On one hand I feel like the SDK shouldn't error in this case. Maybe it can test if the property is accessible and or handle the error gracefully. It should never break the page right? (Although maybe the CircleCI source could be made more tolerant too)

From another angle, the extension is breaking rollbar / the page, by somehow creating a "restricted" window.onerror. It must be the Sentry SDK. On that note, I found a way to prevent Sentry from populating onerror. This is now the best solution IMO since it removes the need for URL comparisons. For anyone else who runs into this, see:

  • Documentation: https://docs.sentry.io/platforms/javascript/configuration/integrations/default/#globalhandlers
  • Example: https://github.com/masihniaz/test-auth-service-ui/blob/b52185686ec3337febe33b57d1337c5f3ca887ff/src/services/logService.js#L8-L11

(Side note: you'll only need to do this in content script)

adam-lynch avatar Aug 06 '21 13:08 adam-lynch

I think we get similar issues with some extensions generating calls to Rollbar.

Capture d’écran 2021-12-01 à 08 44 21

We also get sometimes error in included JS files from third-parties.

I wonder if we could have a configuration option in the SDK to avoid reporting those.

Mathiou04 avatar Dec 01 '21 07:12 Mathiou04