Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replay causes error Blocked a frame with origin <hostname> from accessing a frame with origin "https://js.stripe.com" in Safari when Stripe payment form is on the page #13173

Open
3 tasks done
jakst opened this issue Aug 2, 2024 · 11 comments · Fixed by getsentry/rrweb#212
Assignees
Labels
Migrated Package: browser Issues related to the Sentry Browser SDK Package: replay Issues related to the Sentry Replay SDK

Comments

@jakst
Copy link

jakst commented Aug 2, 2024

Is there an existing issue for this?

How do you use Sentry?

Sentry Saas (sentry.io)

Which SDK are you using?

@sentry/browser

SDK Version

8.22.0

Framework Version

No response

Link to Sentry event

No response

Reproduction Example/SDK Setup

Sentry.init({
  dsn: "https://[email protected]/0",
  replaysSessionSampleRate: 1,
  integrations: [
    Sentry.replayIntegration({
      block: ["iframe"],
    }),
  ],
})

Steps to Reproduce

A minimal reproduction repro with a deployed example is available at https://github.com/jakst/sentry-replay-stripe. Basically running the Sentry Replay integration when a Stripe form is rendered causes this error Blocked a frame with origin "https://sentry-replay-stripe.vercel.app" from accessing a frame with origin "https://js.stripe.com".

I was following along in #6560 and though the issue was resolved, but even though I have confirmed the claimed fix is present in our version of the SDK, we still get this error with the stripe form together with Sentry Replay.

Expected Result

I would expect that setting block: ["iframe"] allows us to render the Stripe payments form without getting any errors.

Actual Result

This error is written in the console on Safari

Blocked a frame with origin "https://sentry-replay-stripe.vercel.app" from accessing a frame with origin "https://js.stripe.com". Protocols, domains, and ports must match.
@jakst jakst added the Type: Bug label Aug 2, 2024
@getsantry getsantry bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 3 Aug 2, 2024
@github-actions github-actions bot added the Package: browser Issues related to the Sentry Browser SDK label Aug 2, 2024
@jakst jakst changed the title Replay causes error Blocked a frame with origin <hostname> from accessing a cross-origin frame. in Safari when Stripe payment form is on the page Replay causes error Blocked a frame with origin <hostname> from accessing a frame with origin "https://js.stripe.com" in Safari when Stripe payment form is on the page Aug 2, 2024
@chargome chargome added the Package: replay Issues related to the Sentry Replay SDK label Aug 2, 2024
@billyvg
Copy link
Member

billyvg commented Aug 2, 2024

Ah, it's likely that we don't check the block attribute when an iframe gets added to the DOM after the snapshot.

@jakst
Copy link
Author

jakst commented Aug 3, 2024

Ah, it's likely that we don't check the block attribute when an iframe gets added to the DOM after the snapshot.

Yeah that sounds like it could be it!

@andreiborza
Copy link
Member

@billyvg I've assigned this to you. Let me know if there's something we can help with.

@getsantry getsantry bot removed the status in GitHub Issues with 👀 3 Aug 5, 2024
billyvg added a commit to getsentry/rrweb that referenced this issue Aug 8, 2024
This fixes a bug with iframes that are dynamically added to the DOM after the snapshot is taken where it is not being blocked at all. This ensures we check if iframe is considered blocked before adding to iframe manager.

Closes getsentry/sentry-javascript#13173
jakst added a commit to jakst/sentry-replay-stripe that referenced this issue Sep 3, 2024
Upgrade Sentry to v8.28.0

This include rrweb v2.26.0 with getsentry/rrweb#212 which claims to fix getsentry/sentry-javascript#13173
@jakst
Copy link
Author

jakst commented Sep 3, 2024

@andreiborza @billyvg getsentry/rrweb#212 was just released in Sentry. I tried upgrading to v8.28.0 in my reproduction repo, but the issue is still there for me. I have confirmed that the changes from getsentry/rrweb#212 are included in the release.

Would you consider reopening this issue? Here's the deployed app with the issue https://sentry-replay-stripe.vercel.app. You can find the repo in the original description.

@billyvg billyvg reopened this Sep 3, 2024
@billyvg
Copy link
Member

billyvg commented Sep 3, 2024

@jakst thanks, looks like we are attempting to attach a load event listener to the iframe even if it is blocked (I believe this is semi-intentional since we want the dimensions of the iframe after it loads because the dimensions are used for the iframe placeholder).

@jakst
Copy link
Author

jakst commented Sep 4, 2024

Should I interpret that as "working as intended"? Or will you investigate if there are ways around it? If the browser blocks the listener from attaching to the iframe anyway, it doesn't sound like it needs to run in this case

@getsantry getsantry bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 3 Sep 4, 2024
@billyvg
Copy link
Member

billyvg commented Sep 4, 2024

No, no conclusion yet, I've just identified the code in question (and a possible side-effect). We'll have to look into this a bit more and see if conditionally attaching event listener will cause anything unintended

@getsantry getsantry bot removed the status in GitHub Issues with 👀 3 Sep 4, 2024
@c298lee c298lee self-assigned this Sep 19, 2024
@metalmarker
Copy link

I'm experiencing the same issue, but without having Replay enabled.
The only integration I have on init is reactRouterV6BrowserTracingIntegration.

I'm on sentry/[email protected].

@getsantry getsantry bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 3 Sep 20, 2024
@andreiborza
Copy link
Member

@metalmarker thanks for chiming in. Could you provide a minimal reproduction repo or stackblitz

@billyvg billyvg removed their assignment Oct 15, 2024
@getsantry getsantry bot moved this to Waiting for: Community in GitHub Issues with 👀 3 Dec 10, 2024
@getsantry
Copy link

getsantry bot commented Jan 1, 2025

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!


"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

@getsantry getsantry bot added the Stale label Jan 1, 2025
@jakst
Copy link
Author

jakst commented Jan 2, 2025

Not stale

@getsantry getsantry bot moved this from Waiting for: Community to Waiting for: Product Owner in GitHub Issues with 👀 3 Jan 2, 2025
@getsantry getsantry bot removed the Stale label Jan 3, 2025
@getsantry getsantry bot removed the status in GitHub Issues with 👀 3 Jan 3, 2025
@linear linear bot added the Migrated label Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Migrated Package: browser Issues related to the Sentry Browser SDK Package: replay Issues related to the Sentry Replay SDK
Projects
Status: No status
Development

Successfully merging a pull request may close this issue.

8 participants