fix: filter out all unsafe-eval csp errors (#6409)

* update match * Update src/tracing/errors.ts Co-authored-by: Zach Pomerantz <zzmp@uniswap.org> * lint * add test ---------
2023-04-21 10:58:49 -04:00 · 2023-04-21 10:58:49 -04:00 · fcc6a2d560
commit fcc6a2d560
parent 98841c783d
2 changed files with 20 additions and 10 deletions
--- a/src/tracing/errors.test.ts
+++ b/src/tracing/errors.test.ts
@ -8,6 +8,11 @@ describe('filterKnownErrors', () => {
    expect(filterKnownErrors(ERROR, {})).toBe(ERROR)
  })

+  it('propagates an error with generic text', () => {
+    const originalException = new Error('generic error copy')
+    expect(filterKnownErrors(ERROR, { originalException })).toBe(ERROR)
+  })
+
  it('filters block number polling errors', () => {
    const originalException = new (class extends Error {
      requestBody = JSON.stringify({ method: 'eth_blockNumber' })
@ -30,10 +35,19 @@ describe('filterKnownErrors', () => {
    expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
  })

-  it('filters CSP unsafe-eval errors', () => {
-    const originalException = new Error(
-      "Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inlin..."
-    )
-    expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
+  describe('Content Security Policy', () => {
+    it('filters unsafe-eval evaluate errors', () => {
+      const originalException = new Error(
+        "Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inlin..."
+      )
+      expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
+    })
+
+    it('filters CSP unsafe-eval compile/instatiate errors', () => {
+      const originalException = new Error(
+        "Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-a..."
+      )
+      expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
+    })
  })
 })
--- a/src/tracing/errors.ts
+++ b/src/tracing/errors.ts
@ -52,11 +52,7 @@ export const filterKnownErrors: Required<ClientOptions>['beforeSend'] = (event:
     * For example, if a user runs an eval statement in console this error would still get thrown.
     * TODO(INFRA-176): We should extend this to filter out any type of CSP error.
     */
-    if (
-      error.message.match(
-        /Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive/
-      )
-    ) {
+    if (error.message.match(/'unsafe-eval'.*content security policy/i)) {
      return null
    }
  }