Closed kevinoe closed 9 months ago
If you look in XhrPlugin.js, there are no calls to this.xhrMap.delete
this.xhrMap.clear
, reassignments or any other way of removing values. The only calls are get
s and a single set
Hi Kevin, I am investigating this issue and will write a patch if necessary. Thank you for raising this issue and I apologize for the inconvenience.
PR has been merged and pending deployment either today or first thing next week. I will update you here, also feel free to contact me with any questions. Thank you for your strong feedback
This patch was shipped today with 1.14.1 to NPM and CDN. Please let me know if you have any further queries
Closed this due to inactivity.
Which web client version did you detect this bug with?
v1.13.7
What environment (build systems, module system, and framework) did you detect this bug with?
TypeScript v4.4.4, Webpack v4.42.0
Is your web application a single page application (SPA) or multi page application (MPA)?
SPA
Please provide your web client configuration
{ guestRoleArn: "arn:aws:iam::099722809053:role/orion-qa-migrate-RUMAppMonitorIAMRole-PHTR2VRVOF8X", identityPoolId: "***", sessionSampleRate: 1, endpoint: "https://dataplane.rum.us-east-1.amazonaws.com", telemetries: ['performance', 'errors', 'http'], allowCookies: true, enableXRay: false, }
Please describe the bug/issue
XhrPlugin seems to be installed at initialization. It wraps XMLHttpRequest. In XhrPlugin.js, all requests are put into a Map called xhrMap: https://github.com/aws-observability/aws-rum-web/blob/main/src/plugins/event-plugins/XhrPlugin.ts#L98
This map uses each request as a key, and seems to use it to keep the request around through its lifetime in order to register events to RUM. However, these entries are NEVER removed. Furthermore, after they receive their responses, the response lives on in the request, which can cause extreme leakage for large requests.
This totally prevents us from using it at all.