Open adrian-heath opened 6 months ago
Its not actually a script that it's loading, but it is reaching out to download a json file, we documented this process here https://github.com/microsoft/ApplicationInsights-JS?tab=readme-ov-file#service-notification as we have been preparing for this for the last few versions.
Adn we have documented how to disable this capability here https://github.com/microsoft/ApplicationInsights-JS/blob/main/docs/WebConfig.md#basic-usage
please try disable downloading the script by following https://github.com/microsoft/ApplicationInsights-JS/blob/main/docs/WebConfig.md#disable-fetching-from-cdn please let us know if it works!
I'm seeing the same issue. I must say that after reading the documentation it is not at all clear to me what these plugins are.
A couple of questions:
Hi @ad-eg-dk
disableIkeyDeprecationMessage
(https://github.com/microsoft/ApplicationInsights-JS#:~:text=disableIkeyDeprecationMessage) is set to false
cfgUrl
to your own endpoint https://github.com/microsoft/ApplicationInsights-JS/tree/main/extensions/applicationinsights-cfgsync-js#:~:text=configuration%20change%20details.-,cfgUrl,-string%0A%5BOptional%5DHi There
After probably 1h of 2 devs struggling with this, we understood the following:
For users like us, who already switched to connection strings after the first deprecation notice, this creates a load of unnecessary complexity, which is not needed and very badly documented. We get warnings about access to the cdn, as we have a very strict Content-Security Policy set on our app, which does not allow connecting to random new endpoints, which are not documented in any release notes.
I would wish for release notes to not only contain technical changes ("feature opt in is now default for config sync and throttlemanager") which are very cryptic and not understandable at all, but also a high level description like: "hey, we now enable this so we can make others aware of the deprecation. If you already migrated, you can ignore the warnings/turn off the features."
How can I desactivate the functions so that I don't get this error with https://js.monitor.azure.com/scripts/b/ai.config.1.cfg.json
? Im using the connection strings.
Hi @Karlie-777
Thanks for looking at this issue, we have tried your suggestion but it is not working.
We are seeing many occurrences of GET https://js.monitor.azure.com/scripts/b/ai.config.1.cfg.json
dependency failures in our logs. I provided code of app insights implementation in our gatsby site. Could you please look at this if I missed something?
Figure: 608 occurrences for last 24 hours
gatsby-node.js - is used to log when building app
const appInsights = require('applicationinsights');
if (process.env.APPLICATIONINSIGHTS_CONNECTION_STRING) {
// Log build time stats to appInsights
appInsights
.setup()
.setAutoCollectConsole(true, true) // Enable logging of console.xxx
.start();
} else {
// eslint-disable-next-line no-console
console.warn(
'Missing APPLICATIONINSIGHTS_CONNECTION_STRING, this build will not be logged to Application Insights'
);
}
useAppInsights.js - hook that implements app insights methods and used in pages
export default function useAppInsights() {
const ai =
typeof window !== 'undefined' &&
process.env.APPLICATIONINSIGHTS_CONNECTION_STRING &&
new ApplicationInsights({
config: {
connectionString: process.env.APPLICATIONINSIGHTS_CONNECTION_STRING,
extensionConfig: {
// below config was added to avoid "https://js.monitor.azure.com/scripts/b/ai.config.1.cfg.json" errors
// issue - https://github.com/microsoft/ApplicationInsights-JS/issues/2341
['AppInsightsCfgSyncPlugin']: {
cfgUrl: '',
},
},
},
});
if (ai) {
ai.loadAppInsights();
ai.addTelemetryInitializer((item) => {
item.tags['ai.cloud.role'] = 'SSW.Rules-StaticClientPage';
});
}
// other functions .....
const appInsights = {
trackPage,
trackException,
trackEvent,
trackTrace,
};
// store instance
if (typeof window !== 'undefined') {
window['appInsights'] = appInsights;
}
return appInsights;
}
gatsby-browser.js - here tracking pages
export const onRouteUpdate = () => {
if (window.appInsights && window.appInsights.trackPage) {
window.appInsights.trackPage();
}
};
@babakamyljanovssw Is the number of occurrences decreased? It is possible that some cached resources are still being used
Hey @Karlie-777 Yep, it has decreased a lot. 🤞 that it will go away eventually. Thanks!
Description/Screenshot
Since updating to 3.2.0 we are now getting CSP violations connecting to js.monitor.azure.com. This was not happening in 3.1.2. We are using npm and the javascript initialization, not the snippet because we have a policy of not loading scripts from external domains.
Steps to Reproduce
using npm package
Expected behavior
applicationinsights-web implemented via npm will not load javascript from an external site
Additional context We have a very strict CSP that blocks loading of scripts from external sites. This cause a production showstopper for us since it was not listed as a breaking change that external scripts would now be loaded