fix: rrweb recorder may throw error when stopping recording after an iframe becomes cross-origin#1695
Merged
YunFeng0817 merged 6 commits intomasterfrom Aug 5, 2025
Merged
fix: rrweb recorder may throw error when stopping recording after an iframe becomes cross-origin#1695YunFeng0817 merged 6 commits intomasterfrom
YunFeng0817 merged 6 commits intomasterfrom
Conversation
…iframe becomes cross-origin
🦋 Changeset detectedLatest commit: b88b3fe The changes in this PR will be included in the next version bump. This PR includes changesets to release 19 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR fixes an issue where the rrweb recorder throws an error when stopping recording after an iframe becomes cross-origin. The changes wrap the stop handlers in a try/catch block to suppress expected cross-origin errors and a new test case has been added to validate the fix.
- Wraps each handler call in a try/catch to prevent cross-origin access errors.
- Adds a new test to verify that stopping the recorder after setting an iframe’s src to a cross-origin URL does not throw an error.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| packages/rrweb/test/record.test.ts | Adds a test ensuring that stopping recording after an iframe becomes cross-origin does not throw an error. |
| packages/rrweb/src/record/index.ts | Wraps handler calls in a try/catch to safely ignore expected cross-origin errors. |
Comments suppressed due to low confidence (1)
packages/rrweb/test/record.test.ts:1002
- [nitpick] Consider using a more robust waiting mechanism such as an event listener or polling for a condition instead of a fixed timeout to avoid potential flakiness in tests.
await new Promise((resolve) => setTimeout(resolve, 1000));
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR prevents errors when stopping the rrweb recorder after an iframe changes to cross-origin, adds a test for this scenario, and bumps the patch version.
- Add a functional test to verify no exception is thrown when stopping recording post cross-origin iframe navigation.
- Wrap each stop-record handler in try/catch and ignore known cross-origin access errors.
- Update the changeset to publish a patch release.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| packages/rrweb/test/record.test.ts | Added test ensuring stopRecord doesn’t throw after iframe src changes to cross-origin |
| packages/rrweb/src/record/index.ts | Wrapped cleanup handlers in try/catch and suppress cross-origin frame errors |
| .changeset/nervous-actors-jam.md | Bumped patch version with PR description |
Contributor
|
When an iframe changes |
Member
Author
|
@eoghanmurray Once the iframe's src is changed, we can not record change to this iframe anymore. I just tested and mutation observer can not even detect the change of this src attribute change. |
Contributor
|
I've checked and the MutationObserver can detect external changes like |
packages/rrweb/test/record.test.ts
Outdated
| const iframe = document.createElement('iframe'); | ||
| document.body.appendChild(iframe); | ||
| await new Promise((resolve) => setTimeout(resolve, 1000)); | ||
| iframe.src = 'https://www.example.com'; // Change the same origin iframe to a cross origin iframe after it's recorded |
Contributor
There was a problem hiding this comment.
this should generate a mutation I believe
Co-authored-by: Eoghan Murray <eoghan@getthere.ie>
eoghanmurray
approved these changes
Aug 5, 2025
This was referenced Aug 5, 2025
This was referenced Aug 31, 2025
This was referenced Oct 30, 2025
This was referenced May 5, 2025
This was referenced Nov 19, 2025
iterate bot
pushed a commit
to iterate/iterate
that referenced
this pull request
Mar 11, 2026
…me recording error Upgrades posthog-js from 1.282.0 to 1.359.1 in the marketing site. This resolves a DOMException (SecurityError) in PostHog's session recording where rrweb's CrossOriginIframeMirror tries to access removeEventListener on a cross-origin iframe window. Fixed upstream in rrweb-io/rrweb#1695. Also fixes ThemeProvider types for compatibility with updated dependency graph.
iterate bot
added a commit
to iterate/iterate
that referenced
this pull request
Mar 11, 2026
…me recording error (#1173) ## Summary - Bumps `posthog-js` from `1.282.0` to `1.359.1` in the marketing site (`apps/iterate-com`) - Fixes a `DOMException: SecurityError` in PostHog's session recording where rrweb's `CrossOriginIframeMirror` tries to access `removeEventListener` on a cross-origin iframe window — [fixed upstream in rrweb-io/rrweb#1695](rrweb-io/rrweb#1695) - Fixes `ThemeProvider` types that broke due to updated dependency graph (next-themes `PropsWithChildren` resolution) ## Context - **Requested by:** @NickBlow - **Slack thread:** https://iterate-com.slack.com/archives/C09K1CTN4M7/p1773260343748219 - **Agent session:** [attach](https://iterate.iterate.app/terminal?command=opencode+attach+%27http%3A%2F%2Flocalhost%3A4096%27+--session+ses_32178b3baffebgTAPCwm1mzL87+--dir+%2Fhome%2Fiterate%2Fsrc%2Fgithub.com%2Fiterate%2Fmetarepo&autorun=true) <!-- iterate-agent-context session_id: ses_32178b3baffebgTAPCwm1mzL87 --> <!-- iterate:agent-pr --> <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Upgrades a third-party analytics/session-replay library (`posthog-js`) with significant transitive dependency changes, which can affect runtime behavior and bundle size. Also tweaks `ThemeProvider` prop typing/rendering, which could impact theming if props/children handling differs. > > **Overview** > Updates the marketing site to use `posthog-js@1.359.1` (from `1.282.0`), pulling in updated transitive deps via `pnpm-lock.yaml` to address session-recording issues. > > Adjusts `ThemeProvider` to accept `React.PropsWithChildren<ThemeProviderProps>` and forward props directly to `next-themes`’ `ThemeProvider` (`<NextThemesProvider {...props} />`) instead of explicitly wrapping `children`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 09fc226. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: NickBlow <nick.blow@live.com>
8 tasks
This was referenced Mar 23, 2026
pauldambra
added a commit
to PostHog/posthog-rrweb
that referenced
this pull request
Mar 23, 2026
) ## Summary - Wraps handler cleanup calls in `stopRecord()` with try-catch to prevent cross-origin iframe `SecurityError`s from crashing the entire stop process - When an iframe transitions from same-origin to cross-origin (e.g. via redirect), the browser blocks access to its window properties — previously this crashed `stopRecord()` and prevented subsequent handlers from cleaning up - Adopted from [upstream rrweb PR #1695](rrweb-io/rrweb#1695) with a more specific error check (requires both `"from accessing a cross-origin frame"` and `"Blocked a frame with origin"` in the message) ## Test plan - [x] Existing tests pass - [x] Build succeeds (`pnpm build:all`) 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The CI failure can be solved by #1696