[Pro] Backport production RSC diagnostic redaction#4744
Conversation
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Greptile SummaryThis PR redacts browser-visible RSC diagnostics outside explicit development and test environments. The main changes are:
Confidence Score: 5/5This looks safe to merge.
Important Files Changed
Reviews (1): Last reviewed commit: "Prevent RSC diagnostics leaking outside ..." | Re-trigger Greptile |
Review: [Pro] Backport production RSC diagnostic redactionOverviewFocused security backport for #4629 that redacts Correctness
Test coverage
Other notes
Overall: solid, narrowly-scoped fix. No blocking issues found. |
| expect(resultStr).not.toContain('consoleReplayScript'); | ||
| }, | ||
| ); | ||
|
|
There was a problem hiding this comment.
Nit/suggestion: this it.each covers production and missing (undefined), but the PR description also claims redaction for "custom environments." Consider adding a third case like ['staging', 'staging'] here to directly verify that claim, since the ternary in injectRSCPayload.ts (railsEnv === 'development' || railsEnv === 'test' ? ... : { hasErrors: true }) redacts anything outside the two allowlisted values — an explicit custom-env case would pin that behavior for this security-sensitive path rather than relying on the shape of the conditional.
size-limit report 📦
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3421c63c9a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const diagnostic = | ||
| railsEnv === 'development' || railsEnv === 'test' ? { hasErrors, renderingError } : { hasErrors: true }; |
There was a problem hiding this comment.
Redact diagnostics on direct RSC payload fetches
This environment gate only protects diagnostics that are embedded by injectRSCPayload, but production clients can still hit the RSC payload route during navigation/refetch: getReactServerComponent.client.ts:417 and prefetchServerComponent.client.ts:82 call fetchRSC, and the Rails helper still frames the response with chunk.except("html").to_json (react_on_rails_pro/app/helpers/react_on_rails_pro_helper.rb:1357). When an RSC component errors on that path, the HTTP response body still contains the full renderingError.message/source-mapped stack in production, so the disclosure remains outside the initial streamed-HTML case; please apply the same rails-env redaction before framing the payload response.
Useful? React with 👍 / 👎.
Why
Issue #4629 identified that streamed React Server Component diagnostics could serialize a server render error's message and source-mapped stack into browser-visible HTML outside development. The mainline fix landed in #4631; the closed v17 release tracker designated this as lead 17.0.1 patch-train work.
This PR is the smallest release-branch backport that closes the client-visible disclosure without importing #4631's broader node-renderer reporting changes.
What changed
railsContext.railsEnvto the internal RSC payload injector.renderingErrormetadata only for explicitdevelopmentandtest.{ hasErrors: true }.Reporter-path preservation
reportError,emitError,buildRenderMetadata,streamingUtils.ts, and the node-renderer handlers are unchanged.streamServerRenderedReactComponentregression suite remains green.renderingErrorevent, which is outside this security backport's authorized paths and behavior.Verification
pnpm --filter react-on-rails-pro exec jest tests/injectRSCPayload.test.ts --runInBand— 79 tests passed.pnpm --filter react-on-rails-pro exec jest tests/streamServerRenderedReactComponent.test.jsx --runInBand— 39 tests passed.script/check-pro-license-headers— 851 files passed.git diff --check— passed.The pre-push branch RuboCop gate also passed. Its Markdown link phase could not run because release-branch divergence selected unrelated Markdown files and the installed Lychee version cannot parse the current
.lychee.toml; no Markdown or configuration file changes in this PR.Release context
release/17.0.0development.rc.Codex Decision Log
main.CHANGELOG.mdin this lane.Addresses #4629.