Walkthrough
A new 404 tracking component
Changes
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~12 minutes
🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
Actionable comments posted: 1
📒 Files selected for processing (2)
apps/site/src/app/not-found.tsx
apps/site/src/components/not-found-tracker.tsx
| posthog.capture("site:404_not_found", { | ||
| $current_url: window.location.href, | ||
| pathname: window.location.pathname, |
Avoid sending raw full URL in the 404 analytics payload.
$current_url: window.location.href can include sensitive query/hash data (tokens, emails, IDs). For a 404 signal, pathname is usually sufficient and safer.
🔧 Suggested change
useEffect(() => {
posthog.capture("site:404_not_found", {
- $current_url: window.location.href,
pathname: window.location.pathname,
});
}, []);📝 Committable suggestion
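Review bot: On the removed `$current_url: window.location.href` line, dropping the key only removes the value this call passes explicitly; nothing in the hunk shows whether the PostHog client attaches the page URL to events on its own. Check the client initialisation, and if it does, strip `window.location.search` and `window.location.hash` there too, otherwise the query string and fragment this change is meant to keep out of analytics are still sent. The remaining `pathname: window.location.pathname` can also carry identifiers in path segments, so confirm the site's routes do not put tokens or emails in the path.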
| posthog.capture("site:404_not_found", { | |
| $current_url: window.location.href, | |
| pathname: window.location.pathname, | |
| useEffect(() => { | |
| posthog.capture("site:404_not_found", { | |
| pathname: window.location.pathname, | |
| }); | |
| }, []); |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apps/site/src/components/not-found-tracker.tsx` around lines 8 - 10, The
posthog.capture call in components/not-found-tracker.tsx is sending
window.location.href (raw full URL) which may leak sensitive query/hash data;
update the payload used by posthog.capture("site:404_not_found", ...) to omit
the full href and instead use only the safe path (window.location.pathname) or a
sanitized URL built from window.location.origin + window.location.pathname
(explicitly excluding window.location.search and window.location.hash). Locate
the posthog.capture invocation and remove or replace the $current_url field
accordingly so only pathname or the sanitized origin+pathname is sent.
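The sanitized origin + pathname URL described in the review comment above, as an added example that is not part of the PR or of CodeRabbit's suggestion; it goes beyond the comment by also redacting path segments that look like emails or long tokens. The helper names `sanitizeUrl`, `redactSegment` and `build404Payload` and the 24-character token threshold are assumptions.

```javascript
// Added example: build a 404 analytics payload without query string, fragment or userinfo.
// sanitizeUrl, redactSegment and build404Payload are hypothetical helper names.

const EMAIL_RE = /^[^/@\s]+@[^/@\s]+\.[^/@\s]+$/;
// Assumed heuristic: 24+ URL-safe base64/hex characters in one segment is an opaque token.
// Long human-readable slugs would also match; tune the threshold to the site's routes.
const TOKEN_RE = /^[A-Za-z0-9_-]{24,}$/;

function redactSegment(segment) {
  let decoded;
  try {
    decoded = decodeURIComponent(segment); // catch emails hidden as alice%40example.test
  } catch {
    return "[redacted]"; // malformed percent-encoding: do not forward it
  }
  return EMAIL_RE.test(decoded) || TOKEN_RE.test(decoded) ? "[redacted]" : segment;
}

function sanitizeUrl(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  const pathname = url.pathname.split("/").map(redactSegment).join("/");
  // url.origin never contains user:password@; url.search and url.hash are never read.
  return { origin: url.origin, pathname, url: url.origin + pathname };
}

function build404Payload(href) {
  const safe = sanitizeUrl(href);
  if (safe === null) return { pathname: "[unparseable]" };
  return { $current_url: safe.url, pathname: safe.pathname };
}
```

In the component this would be called as `build404Payload(window.location.href)` and the result passed as the event properties.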