-
-
Couldn't load subscription status.
- Fork 1.7k
SvelteKit setup: fetchProxyScriptNonce configuration #14285
-
Hello, i'm trying to configure the nonce for my sveltekit app. Referencing the sveltekit doc https://docs.sentry.io/platforms/javascript/guides/sveltekit/manual-setup/#configure-client-side-fetch-instrumentation
Is there a way to set fetchProxyScriptNonce dynamically? or wrap sentryHandle function using sequence somehow e.g. sequence(generateNonce, sentryHandle({ fetchProxyScriptNonce: }), ...)?
Beta Was this translation helpful? Give feedback.
All reactions
Hey @hlesmana-var you can specify a nonce as documented by specifying fetchProxyScriptNonce.
To confirm: I realize this is "static" in the sense that the sentryHandle function is a hook, so the passed nonce needs to be determined before the function is invoked. Are you asking for a way to dynamically read the nonce for each request?
Your suggestion to create your own hook to determine a nonce doesn't work right now out of the box. I think we could take a look at the locals object and check for a specific object. What's your specific use case?
If you use a SvelteKit version above 1.26.0 you should be good to disable the fetch script injection and our fetch instrumentation should still work...
Replies: 2 comments 1 reply
-
Hi! Dynamic in what way? For each request? For each build?
@Lms24 cc
Beta Was this translation helpful? Give feedback.
All reactions
-
Hey @hlesmana-var you can specify a nonce as documented by specifying fetchProxyScriptNonce.
To confirm: I realize this is "static" in the sense that the sentryHandle function is a hook, so the passed nonce needs to be determined before the function is invoked. Are you asking for a way to dynamically read the nonce for each request?
Your suggestion to create your own hook to determine a nonce doesn't work right now out of the box. I think we could take a look at the locals object and check for a specific object. What's your specific use case?
If you use a SvelteKit version above 1.26.0 you should be good to disable the fetch script injection and our fetch instrumentation should still work. Haven't tested this in a while though so if anything doesn't work, let me know!
Beta Was this translation helpful? Give feedback.
All reactions
-
yea, shouldn't that how the nonce is supposed to work? generated per request, unlike hash which is static at build time.
Gotcha yea. will try your suggestion on disabling fetch script injection.
Beta Was this translation helpful? Give feedback.