odoo/odoo#164584
Created by fw-bot
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/template: Contact runbot team on discord for help.
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label: odoo-dev:17.0-15.0-web-third-party-script-errors-for-visitors-fix-sad-ojkv-fw
- head: 52ce938542f29fd1f47e223b629aeb3f0149862d
- merged: 1 year ago by Samuel Degueldre (sad)
odoo/odoo | |
---|---|
15.0 | #163710 |
16.0 | #164072 |
saas-16.3 | #164372 |
saas-16.4 | #164502 |
17.0 | #164584 |
saas-17.1 | #164695 |
saas-17.2 | #164881 |
saas-17.4 | |
18.0 | |
saas-18.1 | |
saas-18.2 | |
saas-18.3 | |
master | #165952 |
[FW][FIX] web: stop showing visitors error dialogs for third-party scripts
Previously, if an error occurred in a third-party script loaded from a different origin (e.g. Google Analytics or scripts injected into the in-app browsers of Meta apps such as Facebook or Instagram), we would show an error dialog mentioning a "CORS" error with no details.
There are three problems with this: first, this is not actually a CORS error. It is a normal error, but in Chrome and Safari, the details of the error are unavailable inside of code from scripts hosted on a different origin. This unavailability is caused by CORS, but the error is not a CORS error.
The second problem is that we're showing these error dialogs to website visitors, who are both likely to be confused or frustrated by the error and very unlikely to report it.
Lastly, because the error occurred in a third-party script, it's likely code that is not even controlled by the Odoo instance in any way, which means that it oftentimes cannot be fixed in Odoo.
In Firefox, the first point doesn't hold true, as Firefox does not hide the error details, but we still do not want to display an error dialog because of the two other points.
This commit fixes this by simply not displaying these errors to visitors outside of debug mode. Actual visitors will not be in debug mode, but it could be useful to still show the error for people developing integrations with third-party libraries and scripts. The error dialog will still not contain much information in non-Firefox browsers, but we encourage the developer to look at the browser console for extra details. We still display these errors for logged-in users in all cases as users are much more likely to report such issues. Ideally, we may not want to show these errors to portal users either, but this information is not currently available in JS.
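
The display rule described in the commit message above, as an added JavaScript sketch that is not part of the pull request or of Odoo's code: the function names, the `pageOrigin`/`isLoggedIn`/`debug` fields and the sample events are hypothetical and constructed for illustration. It assumes that Chrome and Safari deliver a cross-origin script error with no filename, position or error object, and that same-origin errors are still always shown.

```javascript
// Chrome and Safari strip the details of errors thrown by scripts from another
// origin: the handler gets no filename, no position and no error object.
function isOpaqueScriptError(ev) {
    return !ev.filename && !ev.lineno && !ev.colno && ev.error == null;
}

// Firefox keeps the details, so there the script URL's origin is compared
// with the page's origin instead.
function isThirdPartyScriptError(ev, pageOrigin) {
    if (isOpaqueScriptError(ev)) {
        return true;
    }
    try {
        return new URL(ev.filename, pageOrigin).origin !== pageOrigin;
    } catch {
        return false; // unparsable URL: treat as first-party so it is still reported
    }
}

// Rule from the commit message: a third-party script error is shown to
// logged-in users in all cases, and to visitors only in debug mode.
// Assumption: same-origin errors are unaffected and always shown.
function shouldShowErrorDialog(ev, { pageOrigin, isLoggedIn, debug }) {
    if (!isThirdPartyScriptError(ev, pageOrigin)) {
        return true;
    }
    return isLoggedIn || debug;
}

// Constructed sample events (shape of a browser ErrorEvent), not captured data.
const PAGE_ORIGIN = "https://shop.example";
const SAMPLES = {
    chromeCrossOrigin: { message: "Script error.", filename: "", lineno: 0, colno: 0, error: null },
    firefoxCrossOrigin: {
        message: "TypeError: x is undefined",
        filename: "https://cdn.tracker.example/a.js",
        lineno: 12, colno: 5, error: new TypeError("x is undefined"),
    },
    firstParty: {
        message: "ReferenceError: y is not defined",
        filename: "https://shop.example/web/assets/app.js",
        lineno: 40, colno: 9, error: new ReferenceError("y is not defined"),
    },
};

const visitor = { pageOrigin: PAGE_ORIGIN, isLoggedIn: false, debug: false };
for (const [name, ev] of Object.entries(SAMPLES)) {
    console.log(name, "-> visitor sees dialog:", shouldShowErrorDialog(ev, visitor));
}
```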