Project Information
- Name of project: client side error logging
- Project home page: N/A
- Name of team which owns the project: SRE / observability
- Primary contact for the project: Filippo Giunchedi
- Target date for deployment: N/A yet
- Link to code repository: N/A yet
- Is this a brand-new project: yes
- Has this project ever been reviewed before: (Phab tasks, etc.) no
- Has any risk assessment (STRIDE, etc.) been performed: not AFAIK
- Is there an existing RFC or has this been presented to the community: no
- Is this project tied to a team quarterly goal: not yet
- Does this project require its own privacy policy: no
Description of the project and how it will be used
We are already performing some logging of client side errors (i.e. javascript errors from user agents) although with some limitations, the idea and scope of the project is to use lift those limitations and move to a supported system for all needs of client side error logging, see also T217142: [Proposal] Use the Kafka-Logstash logging infrastructure to log client-side errors. The security review involves the javascript client that will be used to send errors back to WMF, note the client is still being developed and available yet, I'm filing the review task in advance.
Description of any sensitive data to be collected or exposed
Collected: UA information, client IP, url that has errors. Exposed nothing, will be stored in logstash/kibana for 90d
Technologies employed
javascript
Dependencies and vendor code
N/A yet
Working test environment
N/A yet