search

getsentry / symbolicator

Native Symbolication as a Service
https://getsentry.github.io/symbolicator/
MIT License
362 stars 51 forks source link

Conditionally treat downloaded HTML files as errors #1526

Closed loewenheim closed 1 month ago

loewenheim commented 1 month ago

We have seen cases where trying to fetch a native source file from a web source can turn up a HTML login page, which is then used for source context. Obviously this is not desirable. On the other hand, in a JS context, it's totally reasonable to have a HTML file as the source file.

I propose we add a flag may_be_html (name subject to change) to HttpRemoteFile that tells the downloader whether a returned HTML file is legit or an error. We would always set this to false from native and true from JS.

bruno-garcia commented 1 month ago

Relates to:

loewenheim commented 1 month ago

Possible alternative solution: reject HTML pages received after a temporary redirect, which should be a good heuristic for a login page.

bruno-garcia commented 1 month ago

Possible alternative solution: reject HTML pages received after a temporary redirect, which should be a good heuristic for a login page.

Agreed!