@urql/exchange-persisted Module name, 'crypto' does not resolve to a valid URL.

urql-graphql / urql

The highly customizable and versatile GraphQL client with which you add on features like normalized caching as you grow.

https://urql.dev/goto/docs

MIT License

8.54k stars 444 forks source link

@urql/exchange-persisted Module name, 'crypto' does not resolve to a valid URL. #3523

Closed badtant closed 3 months ago

badtant commented 4 months ago

Describe the bug

Hi, I'm getting some errors logged from @urql/exchange-persisted.

Module name, 'crypto' does not resolve to a valid URL. Pointing to this line: p = new Function('return import("crypto")')();

The issue seems to be mainly in safari

Reproduction

Urql version

"urql": "4.0.6", "@urql/exchange-persisted": "4.1.1",

Validations

[X] I can confirm that this is a bug report, and not a feature request, RFC, question, or discussion, for which GitHub Discussions should be used
[X] Read the docs.
[X] Follow our Code of Conduct

kitten commented 4 months ago

Do you have a reproduction?

This shouldn't ever happen since we only attempt to import the Node Crypto module if the WebCrypto API is unavailable. If that was unavailable then that browser is well outside of our range of supported browsers

The relevant code: https://github.com/urql-graphql/urql/blob/d2c7441731bfc636a57c8864ea49464d59c13d6f/exchanges/persisted/src/sha256.ts#L26
Browser Support table for WebCrypto subtle: https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle

badtant commented 4 months ago

I haven't been able to reproduce it myself but here are som data from sentry sentry

kitten commented 4 months ago

To be honest, I kind of expected this to be an issue report from an error analytics tool, like Sentry 😅

That's because this honestly doesn't sound like it would ever happen on "real" devices, but instead on requests that fake a user agent but are potentially crawlers.

That said, given that there's a lot of different devices in your report and hence a lot of user agents, there's still a chance there's something odd going on. Mind you though we haven't seen a similar report for a while so this is definitely weird, and could also hint at a faulty polyfill (?)

I'm afraid we won't have much to go on without a reproduction, but I realise that this might be tricky ❤️

badtant commented 4 months ago

Yeah, I get it's really hard to do something without being able to reproduce it. i'll keep testing different browsers/devices to see if I can get the error.

kitten commented 3 months ago

Just following up on this. Have you found what's going on here?

Forgot to point this out before, but it's worth noting that CryptoSubtle requires a secure context, so it may be worth checking the hosts and protocols of these errors,

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

(Note: Localhost/other dev domains are excluded from the above)

badtant commented 3 months ago

Ahh, thanks for pointing that out! When I check now the reports are not on https. I have no idea how they end up on http though... they should be redirected to https :)

So testing this on non https I can reproduce the error. I set up a little conf in my hosts-file to test. If this error is intentional on http then I guess you can close the issue.

kitten commented 3 months ago

Then, if you don't mind, I'll close this as unplanned for now, until we have some information of whether this comes down to a real browser with an available reproduction in a secure context ✌️ happy to reopen this though when we've got something actionable, so no need to worry ❤️