Sentry-hosted replay compression worker? #11361
Sweater-Baron started this conversation in Features / New SDKs (Integrations) / Ideas
Replies: 1 comment
This would indeed significantly simplify deploying Sentry alongside a strict CSP.
In my application, I would like to avoid allowing `blob` as a `worker-src` in our CSP. (I'm also skeptical that `blob` should be Sentry's recommended solution, as it's equivalent to allowing `unsafe-eval`. Maybe I'm overestimating what web workers can do, but that seems like it opens up a lot of options for a malicious actor?)
I'm looking at the docs on using a custom compression worker for replays: https://docs.sentry.io/platforms/javascript/session-replay/configuration/#using-a-custom-compression-worker
It seems like a pain to self-host the worker script, and to keep it up to date with the code in the Sentry repo.
I'm wondering: Is there any reason Sentry can't host an up-to-date version of the minified worker script at like `https://some-subdomain.sentry.io/worker.min.js`? Then people can just allow that for worker-src in their CSP, and avoid the need to use `blob`, while also avoiding the headache of having to self-host an up-to-date version themselves.