From 1654451cdd805d51b3bb2bd5418248a57dd6cdb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A1lint=20J=C3=B3zsef=20J=C3=A1nv=C3=A1ri?= <4534880+dzsibi@users.noreply.github.com> Date: Tue, 26 Sep 2023 17:40:49 +0200 Subject: [PATCH] fix: Mask page URLs in session recordings --- src/extensions/sessionrecording.ts | 34 +++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/src/extensions/sessionrecording.ts b/src/extensions/sessionrecording.ts index 54e583bd0..06221a17b 100644 --- a/src/extensions/sessionrecording.ts +++ b/src/extensions/sessionrecording.ts @@ -14,8 +14,8 @@ import { truncateLargeConsoleLogs, } from './sessionrecording-utils' import { PostHog } from '../posthog-core' -import { DecideResponse, Properties } from '../types' -import type { eventWithTime, listenerHandler } from '@rrweb/types' +import { DecideResponse, NetworkRequest, Properties } from '../types' +import { EventType, type eventWithTime, type listenerHandler } from '@rrweb/types' import Config from '../config' import { logger, loadScript, _timestamp } from '../utils' @@ -376,7 +376,11 @@ export class SessionRecording { // If anything could go wrong here it has the potential to block the main loop so we catch all errors. try { if (eventName === '$pageview') { - this.rrwebRecord?.addCustomEvent('$pageview', { href: window.location.href }) + const href = this._maskUrl(window.location.href) + if (!href) { + return + } + this.rrwebRecord?.addCustomEvent('$pageview', { href }) } } catch (e) { logger.error('Could not add $pageview to rrweb session', e) @@ -393,6 +397,14 @@ export class SessionRecording { return } + if (rawEvent.type === EventType.Meta) { + const href = this._maskUrl(rawEvent.data.href) + if (!href) { + return + } + rawEvent.data.href = href + } + const throttledEvent = this.mutationRateLimiter ? this.mutationRateLimiter.throttleMutations(rawEvent) : rawEvent @@ -424,6 +436,22 @@ export class SessionRecording { } } + private _maskUrl(url: string): string | undefined { + const userSessionRecordingOptions = this.instance.get_config('session_recording') + + if (userSessionRecordingOptions.maskNetworkRequestFn) { + let networkRequest: NetworkRequest | null | undefined = { + url, + } + + networkRequest = userSessionRecordingOptions.maskNetworkRequestFn(networkRequest) + + return networkRequest?.url + } + + return url + } + private _flushBuffer() { if (this.flushBufferTimer) { clearTimeout(this.flushBufferTimer)