Cannot be used in Chrome/Firefox extensions because bundle contains eval() #141
Comments
|
Related: protocolbuffers/protobuf#5464 Ideally though I should be able to use this library through plain HTTP. |
Google Protobufs use eval() so cannot run in browser extensions lightstep#141 The transport was not used by default and bloated the bundle size.
|
Interesting, and thanks for hunting down the upstream problem! I'll investigating some other options for compilation, e.g., protobuf.js. When you say "plain HTTP", do you mean json over HTTP? |
|
What I mean is that as a consumer of Lightstep, I don't really care how the data is transported. I just care that it works (including in extensions and webworkers) and doesn't bloat my bundle. Maybe there is one, but I don't understand the need for neither Thrift nor Protobuf libraries, and would at least like to avoid having both in my bundle, especially if they cause issues like this. |
|
Thanks for the explanation! I completely agree, and we're moving in the direction of no longer requiring code for unused transports. |
|
This is a rather old issue, but today I'm facing the same issue because our CSP does not allow the use of eval. The protobuf library (a dependency on lightstep-tracer-javascript), does not package their code with Could |
|
For anyone also experiencing a problem with using eval try using this branch in your package json Simply add |
When trying to use this library in a browser extension (Chrome or Firefox) the extension will throw with
Chrome and Firefox do not allow
eval(in extensions because it is a security risk.This seems to be related to some Google library bundled (I assume for Proto support?), search https://github.com/lightstep/lightstep-tracer-javascript/blob/master/dist/lightstep-tracer.js for
eval(.The text was updated successfully, but these errors were encountered: