Bug #27114
closed
Many diffs no longer display in event logs
Description
it seems that many JS code that are executed as AJAX in the Event logs (also the change logs page in starting from 8.3) are not executed.
We use diff libraries and we inject JS code that does not seem to be executed at all, makeDiff and jsondiffpatch
So, we can no longer see the diff of tags for directives/rules (see #15019), or JSON semantic diff for node properties.
Screenshot for a missing directive diff on tags
There is a CSP violation in the page which could be the cause of that.
Files
Updated by Clark ANDRIANASOLO about 1 month ago
· Edited
- Effort required changed from Very Small to Medium
- Priority changed from 103 to 58
The JS code to render the event log makes an HTTP request to the event logs details endpoint, which returns HTML code in some field, but in #25352 we made assumptions about the response of the API, which may only contain HTML, but no JS.
So we should find a way to run diffs, we can not longer run script tags from the server, it will be far from trivial to prevent any XSS (and looking forward to migrate in Elm) : we would need to change the API, maybe add an optional "changes"/"diff" field as already returned in the change request API : https://docs.rudder.io/api/v/21/#tag/Change-requests/operation/changeRequestDetails. So we should backport [[a lot of code from the change-validation plugin]](https://github.com/Normation/rudder-plugins/pull/618), and handle the display of diffs in the JS code instead of Scala, it is a major architecture change.
Another temporary solution for 8.2 would be to sandbox the js code within an iframe and allow the execution of those scripts. It seems urgent to find a solution to have visibility on the architectural change : #27124
Updated by Clark ANDRIANASOLO about 1 month ago
- Related to Bug #25352: Event log rollback action is prevented from CSP headers added
Updated by Clark ANDRIANASOLO about 1 month ago
- Related to Architecture #27124: Use ESM modules in rudder-web added
Updated by François ARMAND about 1 month ago
- Priority changed from To review to 1 (highest)
P1 because it may be small and it's very user facing.
Updated by Clark ANDRIANASOLO about 1 month ago
- Status changed from New to In progress
Updated by Clark ANDRIANASOLO about 1 month ago
- Status changed from In progress to Pending technical review
- Pull Request set to https://github.com/Normation/rudder/pull/6470
Updated by Clark ANDRIANASOLO about 1 month ago
- Assignee changed from Clark ANDRIANASOLO to François ARMAND
Updated by Clark ANDRIANASOLO 27 days ago
- Related to Bug #25704: event log detail show shouldBeReplacedByDiff added
Updated by Clark ANDRIANASOLO 27 days ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|f058bc7bebaccd14f0a149d31eb87be24a50ef79.
Updated by François ARMAND 26 days ago
- File clipboard-202507040928-0foxe.png clipboard-202507040928-0foxe.png added
- File clipboard-202507040929-yccjb.png clipboard-202507040929-yccjb.png added
- Fix check changed from To do to Error - Next version
I does not seems to work, at least not for properties in 8.3, maybe perhaps because of a CSP header problem.
Some other diffs, like rule change for directive, work.
Updated by Félix DALLIDET 13 days ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.2.8 and 8.3.3 which were released today.