Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] matomo.js erroring on javaEnabled property #22836

Open
4 tasks done
terminatingcode opened this issue Dec 10, 2024 · 10 comments
Open
4 tasks done

[Bug] matomo.js erroring on javaEnabled property #22836

terminatingcode opened this issue Dec 10, 2024 · 10 comments
Labels
Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. To Triage An issue awaiting triage by a Matomo core team member

Comments

@terminatingcode
Copy link

What happened?

Errors started coming through on our end since Dec 9, 10:02 PM

Our Matomo.js script is erroring on accessing the javaEnabled property

Looking at the stats, all users initiating the error are on Chrome browser (125.0.6422, 126.0.6478, 127.0.6523) and Windows >10.

What should happen?

no error

How can this be reproduced?

n/a

Matomo version

matomo.js

PHP version

No response

Server operating system

No response

What browsers are you seeing the problem on?

Chrome

Computer operating system

No response

Relevant log output

'get' on proxy: property 'javaEnabled' is a read-only and non-configurable data property on the proxy target but the proxy did not return its actual value (expected 'function () {
            return false;
        }' but got 'function (...args) {

Validations

@terminatingcode terminatingcode added Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. To Triage An issue awaiting triage by a Matomo core team member labels Dec 10, 2024
@fattybenji
Copy link

fattybenji commented Dec 11, 2024

Same problem here, also started appearing on december 9th around 10pm (CET)

A little bit more output:

'get' on proxy: property 'javaEnabled' is a read-only and non-configurable data property on the proxy target but the proxy did not return its actual value (expected 'function () {
            return false;
        }' but got 'function (...args) {
                return value.apply(target, args);
            }')

We're using version 5.1.1.

Update: we've noticed that all calls come from Microsoft IPs.

@Yhuley
Copy link

Yhuley commented Dec 11, 2024

We have same problem.

All users who initiate the error use Chrome (125.0.6422, 127.0.6523) and Windows >10

@sgiehl
Copy link
Member

sgiehl commented Dec 11, 2024

I've tried to check that using browser stack, but can't see any error when visiting a page where the matomo tracker is integrated with older chrome versions on windows 10 or windows 11.
Is anyone of you maybe able to share a link to a site where that error occurs?

@david-bezero
Copy link

david-bezero commented Dec 11, 2024

@sgiehl does the matomo code create a proxy around the navigator object at all?

If so, it seems this bug is caused by that proxy, which will need fixing here.

If not, it seems likely (from @fattybenji noting that this is limited to Microsoft IPs) that this is coming from (e.g.) a malware scanning service which is creating its own navigator proxy object, with the issue being triggered by matomo only because it attempts to access a property that they haven't set up correctly. Unfortunately Microsoft has form here and the common advice is to simply filter out the errors since they won't fix them.

In the latter case, one option matomo might want to consider is to simply not invoke (or even access) javaEnabled unless the browser is detected to be one where this might return a meaningful value (since it is deprecated and all modern browsers hard-code it to false anyway).

@david-bezero
Copy link

on your question about the call site, it is reported as matomo.js in c6 at line 40:841, which appears to be here in the unminified code:

typeof navigator.javaEnabled !== 'unknown' &&

(specifically on the typeof navigator.javaEnabled check)

@sgiehl
Copy link
Member

sgiehl commented Dec 12, 2024

We are unable to reproduce that. Is anyone able to reproduce that manually or can anyone provide an URL where that happened?
Without a proper reproduction it's hard to say where the problem is and how to fix this.
It could in theory even be an automated crawler doing weird things 🤷

@david-bezero
Copy link

It could in theory even be an automated crawler doing weird things

I think this is the most likely explanation (see my first comment for details)

I'm not aware of this happening in a browser I have access to; just getting reports from the automated error handling.

The root cause is probably for Microsoft to fix, but I doubt they'll look at it. It would be nice if matomo updated this code to only check javaEnabled for browsers where it might be meaningful (which would fix this as a side-effect), especially since I imagine 99.9% of Matomo's users don't even care about the presence of Java on client machines!

The only other option is for every matomo user to add this to their list of ignored errors, to avoid noise from Microsoft's scans.

@sgiehl
Copy link
Member

sgiehl commented Dec 12, 2024

We could also add a try/catch around that block. But it's hard to test if that works as expected.
Only checking the flag based on the detected browser might also not work reliable if someone spoofs a different browser

@david-bezero
Copy link

FWIW there's already a browser check for Edge on that code, which would have a similar limitation with spoofing.

You can replicate the issue with this setup code, which may or may not be entirely representative of what Microsoft's environment is using:

Object.defineProperty(navigator, 'javaEnabled', {
  value: () => false,
  writeable: false,
  configurable: false,
});

Object.defineProperty(window, 'navigator', {
  value: new Proxy(window.navigator, {
    get(target, prop, receiver) {
      if (prop === 'javaEnabled') return () => false;
      return Reflect.get(target, prop, receiver);
    }
  }),
});

// now accessing navigator.javaEnabled throws the error from this thread

@ipecador
Copy link

ipecador commented Dec 30, 2024

If I correctly understand the code, the problematic code is within a block that excludes IE < 11 but does not call navigatorAlias because it does not exist under IE6/IE7. This (now) looks like useless code.

if (!((new RegExp('MSIE')).test(navigatorAlias.userAgent))) {

// IE6/IE7 navigator.javaEnabled can't be aliased, so test directly

It seems to me that the problematic line has no more reason to be there so deleting it may (slightly) lighten the code and fix this issue.

typeof navigator.javaEnabled !== 'unknown' &&

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. To Triage An issue awaiting triage by a Matomo core team member
Projects
None yet
Development

No branches or pull requests

6 participants