[Sentry] Error: Fetch failed with status '403': ''

MetaMask / metamask-extension

:globe_with_meridians: :electric_plug: The MetaMask browser extension enables browsing Ethereum blockchain enabled websites

https://metamask.io

Other

12.04k stars 4.92k forks source link

[Sentry] Error: Fetch failed with status '403': '' #20316

Open sentry-io[bot] opened 1 year ago

sentry-io[bot] commented 1 year ago

Sentry Issue: METAMASK-PVS3

Error: Fetch failed with status '403': ''
  at _default (shared/lib/fetch-with-cache.js:42:11)
  at checkTokenDetection (ui/components/ui/new-network-info/new-network-info.js:51:40)
  at checkTokenDetection (ui/components/ui/new-network-info/new-network-info.js:60:11)

403 errors are expected in small numbers. If they occur in large numbers, it may be due to an improper security mechanism we added server side. So if we see a spike in 403s, we should throw an alert so we catch the error state.

Next step:

Send an analytics event to Segment when 403 happens instead of throwing an error that ends up in Sentry. This will reduce unnecessary noise in Sentry (Sentry is meant to be used only for unexpected errors).

gauthierpetetin commented 1 year ago

Events in past 14 days: 327

gauthierpetetin commented 1 year ago

A 403 status typically indicates a "Forbidden" response, suggesting that MetaMask does not have permission to access a particular resource or endpoint. The subsequent message, "Failed to fetch Swaps feature flags and Swaps liveness, defaulting to false.", indicates that because the fetch failed, the feature flags for "Swaps" were set to false by default.

danjm commented 1 year ago

This error seems to be tracking not just 403 failures, but any failed requests in fetch--with-cache that don't meet the if (!response.ok) { condition

It seems there are cases where fetchWithCache is called from ui/components/ui/new-network-info/new-network-info.js and it can fail with a 403

There are other cases where fetchWithCache is called from ui/pages/swaps/swaps.util.ts and it can fail with a 422

Another is ui/pages/swaps/swaps.util.ts in a.fetchTopAssets

Another is ui/pages/swaps/swaps.util.ts in a.fetchAggregatorMetadata

As a solution to this problem, we could look at each place that fetchWithCache is called, and add specific handling for 403, 422 and 429 errors.

DDDDDanica commented 1 year ago

After having a chat with @gauthierpetetin we would like to solve this issue in following way: 1- trace the issue to see if there’s a way to fix for each error code eg: 502 is caused by language missing in some locales Private Zenhub Image

2- improve the error message to log better: eg: Fetch with cache failed within function 'getIsTokenDetectionSupported' with status '502':

gauthierpetetin commented 1 year ago

There is a similar Sentry issue for calls to RPC provider, while this Sentry issue happens for specific API requests.

In the case of calls to RPC providers:

We need a generic error message we fallback to, displayed in a "floating toast"

In the case of specific API requests:

We need to handle error messages on a case by case basis for each API, displayed on the page where this API is called

gauthierpetetin commented 1 year ago

This PR from @DDDDDanica will disaggregate the Sentry issue into multiple ones, which will allow us to have access to a list of different events for each specific API.

gauthierpetetin commented 1 year ago

Next steps:

Handle the most prominent cases for now which are swaps.js and new-network-info.js.
For these two, understand what would lead the API to fail in that way
Go to the devtools and disable that API url to see how the Extension fails
Then discuss with @gauthierpetetin about action to take

DDDDDanica commented 1 year ago

Tickets created: Swaps: https://github.com/MetaMask/metamask-extension/issues/20838 new-network-info: https://github.com/MetaMask/metamask-extension/issues/20853

gauthierpetetin commented 1 year ago

With @DDDDDanica 's PR now being merged and released in prod, we have a list new Sentry issues (one for each specific API). We will link all these new Sentry issues to this Github issue.

sentry-io[bot] commented 1 year ago

Sentry issue: METAMASK-X7EP

sentry-io[bot] commented 1 year ago

Sentry issue: METAMASK-X7EN

sentry-io[bot] commented 1 year ago

Sentry issue: METAMASK-X7EM

gauthierpetetin commented 1 year ago

Hi @cloudonshore , do you have an idea what can lead to these 403 errors? Here's the specific Sentry issue we're investigating. Here's the API endpoint being called: https://token-api.metaswap.codefi.network/tokens/0xe708

sentry-io[bot] commented 1 year ago

Sentry issue: METAMASK-X7JJ

sentry-io[bot] commented 10 months ago

Sentry issue: METAMASK-X89G

github-actions[bot] commented 4 months ago

This issue has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 45 days if there is no further activity. The MetaMask team intends on reviewing this issue before close, and removing the stale label if it is still a bug. We welcome new comments on this issue. We do not intend on closing issues if they report bugs that are still reproducible. Thank you for your contributions.

gauthierpetetin commented 4 months ago

@DDDDDanica 's PR has allowed to offer better visibility on what API calls are failing causing these issues.

gauthierpetetin commented 2 months ago

Comment from API Platform team:

403 errors are expected in small numbers. If they occur in large numbers, it may be due to an improper security mechanism we added server side. So if we see a spike in 403s, we should throw an alert so we catch the error state.

Next step:

Send an analytics event to Segment when 403 happens instead of throwing an error that ends up in Sentry. This will reduce unnecessary noise in Sentry (Sentry is meant to be used only for unexpected errors).