Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 7 additions & 20 deletions packages/sveltekit/src/server/handle.ts
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,6 @@ export type SentryHandleOptions = {
* @default true
*/
injectFetchProxyScript?: boolean;

/**
* If this option is set, the `sentryHandle` handler will add a nonce attribute to the script
* tag it injects into the page. This script is used to enable instrumentation of `fetch` calls
* in `load` functions.
*
* Use this if your CSP policy blocks the fetch proxy script injected by `sentryHandle`.
*/
fetchProxyScriptNonce?: string;
};

/**
Expand All @@ -68,21 +59,17 @@ export const FETCH_PROXY_SCRIPT = `
/**
* Adds Sentry tracing <meta> tags to the returned html page.
* Adds Sentry fetch proxy script to the returned html page if enabled in options.
* Also adds a nonce attribute to the script tag if users specified one for CSP.
*
* Exported only for testing
*/
export function addSentryCodeToPage(options: SentryHandleOptions): NonNullable<ResolveOptions['transformPageChunk']> {
const { fetchProxyScriptNonce, injectFetchProxyScript } = options;
// if injectFetchProxyScript is not set, we default to true
const shouldInjectScript = injectFetchProxyScript !== false;
const nonce = fetchProxyScriptNonce ? `nonce="${fetchProxyScriptNonce}"` : '';

export function addSentryCodeToPage(options: { injectFetchProxyScript: boolean }): NonNullable<
ResolveOptions['transformPageChunk']
> {
return ({ html }) => {
const metaTags = getTraceMetaTags();
const headWithMetaTags = metaTags ? `<head>\n${metaTags}` : '<head>';

const headWithFetchScript = shouldInjectScript ? `\n<script ${nonce}>${FETCH_PROXY_SCRIPT}</script>` : '';
const headWithFetchScript = options.injectFetchProxyScript ? `\n<script>${FETCH_PROXY_SCRIPT}</script>` : '';

const modifiedHead = `${headWithMetaTags}${headWithFetchScript}`;

Expand All @@ -106,7 +93,7 @@ export function addSentryCodeToPage(options: SentryHandleOptions): NonNullable<R
* ```
*/
export function sentryHandle(handlerOptions?: SentryHandleOptions): Handle {
const options = {
const options: Required<SentryHandleOptions> = {
handleUnknownRoutes: false,
injectFetchProxyScript: true,
...handlerOptions,
Expand Down Expand Up @@ -144,7 +131,7 @@ export function sentryHandle(handlerOptions?: SentryHandleOptions): Handle {

async function instrumentHandle(
{ event, resolve }: Parameters<Handle>[0],
options: SentryHandleOptions,
options: Required<SentryHandleOptions>,
): Promise<Response> {
if (!event.route?.id && !options.handleUnknownRoutes) {
return resolve(event);
Expand Down Expand Up @@ -174,7 +161,7 @@ async function instrumentHandle(
normalizedRequest: winterCGRequestToRequestData(event.request.clone()),
});
const res = await resolve(event, {
transformPageChunk: addSentryCodeToPage(options),
transformPageChunk: addSentryCodeToPage({ injectFetchProxyScript: options.injectFetchProxyScript }),
});
if (span) {
setHttpStatus(span, res.status);
Expand Down
20 changes: 4 additions & 16 deletions packages/sveltekit/test/server/handle.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -432,36 +432,24 @@ describe('addSentryCodeToPage', () => {
</html>`;

it("Adds add meta tags and fetch proxy script if there's no active transaction", () => {
const transformPageChunk = addSentryCodeToPage({});
const transformPageChunk = addSentryCodeToPage({ injectFetchProxyScript: true });
const transformed = transformPageChunk({ html, done: true });

expect(transformed).toContain('<meta name="sentry-trace"');
expect(transformed).toContain('<meta name="baggage"');
expect(transformed).not.toContain('sentry-transaction=');
expect(transformed).toContain(`<script >${FETCH_PROXY_SCRIPT}</script>`);
expect(transformed).toContain(`<script>${FETCH_PROXY_SCRIPT}</script>`);
});

it('adds meta tags and the fetch proxy script if there is an active transaction', () => {
const transformPageChunk = addSentryCodeToPage({});
const transformPageChunk = addSentryCodeToPage({ injectFetchProxyScript: true });
SentryNode.startSpan({ name: 'test' }, () => {
const transformed = transformPageChunk({ html, done: true }) as string;

expect(transformed).toContain('<meta name="sentry-trace"');
expect(transformed).toContain('<meta name="baggage"');
expect(transformed).toContain('sentry-transaction=test');
expect(transformed).toContain(`<script >${FETCH_PROXY_SCRIPT}</script>`);
});
});

it('adds a nonce attribute to the script if the `fetchProxyScriptNonce` option is specified', () => {
const transformPageChunk = addSentryCodeToPage({ fetchProxyScriptNonce: '123abc' });
SentryNode.startSpan({ name: 'test' }, () => {
const transformed = transformPageChunk({ html, done: true }) as string;

expect(transformed).toContain('<meta name="sentry-trace"');
expect(transformed).toContain('<meta name="baggage"');
expect(transformed).toContain('sentry-transaction=test');
expect(transformed).toContain(`<script nonce="123abc">${FETCH_PROXY_SCRIPT}</script>`);
expect(transformed).toContain(`<script>${FETCH_PROXY_SCRIPT}</script>`);
});
});

Expand Down
Loading