fix(telemetry): first-party fetch for play/share, beacon only on unload

Route normal play closes (end/switch/stop) and all shares through a same-origin
HttpClient POST so privacy-hardened browsers stop blocking them; keep sendBeacon
for the tab-unload edge. Rename the JS module off telemetry/beacon to session/
lifecycle so the retained fallback isn't name-matched. No new data or identifiers.
This commit is contained in:
daniel-c-harvey
2026-06-26 21:11:43 -04:00
parent ca44979b08
commit 2af0d8650b
16 changed files with 318 additions and 114 deletions
+68 -30
View File
@@ -7,24 +7,38 @@ using Microsoft.JSInterop;
namespace DeepDrftTests;
/// <summary>
/// Tests that the Phase 16 wave-16.3 anon id is threaded onto the beacon payloads emitted by
/// Tests that the Phase 16 wave-16.3 anon id is threaded onto the event payloads emitted by
/// <see cref="BeaconPlayEventSink"/> and <see cref="ShareTracker"/>, and omitted when the provider has
/// no token. Both sinks serialize internally and dispatch through <c>BeaconInterop</c> → the
/// <c>DeepDrftBeacon.send(url, json)</c> JS call, so the assertions capture that JSON string off a fake
/// JS runtime and inspect the <c>anonId</c> field — the same bytes the browser would POST.
/// no token. After the transport-resilience split, normal play closes and shares serialize and POST over
/// the first-party <see cref="IEventPoster"/>, so those assertions capture the JSON off a fake poster.
/// The play sink's unload arm still serializes the same bytes through <c>BeaconInterop</c> →
/// <c>DeepDrftLifecycle.send</c>, asserted off a fake JS runtime — proving both arms carry the id.
/// </summary>
[TestFixture]
public class AnonIdPayloadTests
{
// Captures the JSON body of the most recent DeepDrftBeacon.send(url, json) invocation. The beacon is
// fire-and-forget (returns bool); other interop calls (unload registration) are tolerated and ignored.
// Captures the JSON body of the most recent first-party POST. The poster is fire-and-forget; the
// caller never reads its result.
private sealed class CapturingEventPoster : IEventPoster
{
public string? LastJson { get; private set; }
public Task PostAsync(string url, string json)
{
LastJson = json;
return Task.CompletedTask;
}
}
// Captures the JSON body of the most recent DeepDrftLifecycle.send(url, json) invocation (the unload
// arm). Other interop calls (unload registration) are tolerated and ignored.
private sealed class CapturingJsRuntime : IJSRuntime
{
public string? LastJson { get; private set; }
public ValueTask<TValue> InvokeAsync<TValue>(string identifier, object?[]? args)
{
if (identifier == "DeepDrftBeacon.send" && args is { Length: 2 } && args[1] is string json)
if (identifier == "DeepDrftLifecycle.send" && args is { Length: 2 } && args[1] is string json)
LastJson = json;
return ValueTask.FromResult<TValue>(default!);
}
@@ -33,6 +47,12 @@ public class AnonIdPayloadTests
=> InvokeAsync<TValue>(identifier, args);
}
// A no-op poster for the unload-arm test, where the beacon (not the poster) is the asserted transport.
private sealed class NoopEventPoster : IEventPoster
{
public Task PostAsync(string url, string json) => Task.CompletedTask;
}
private sealed class StubAnonIdProvider : IAnonIdProvider
{
public StubAnonIdProvider(string? current) => Current = current;
@@ -64,61 +84,79 @@ public class AnonIdPayloadTests
private static bool HasAnonIdProperty(string json) => FindAnonId(json).Present;
// A play emitted while the provider holds a token carries that token in the payload.
private static BeaconPlayEventSink PlaySink(IEventPoster poster, IJSRuntime js, string? anonId)
=> new(poster, new BeaconInterop(js), new StubAnonIdProvider(anonId), new TestNavigationManager());
// --- Play sink, first-party fetch arm (normal close) ---
// A play emitted while the provider holds a token carries that token in the fetch payload.
[Test]
public void PlaySink_WithAnonId_IncludesItInPayload()
public async Task PlaySink_FetchArm_WithAnonId_IncludesItInPayload()
{
var js = new CapturingJsRuntime();
var sink = new BeaconPlayEventSink(
new BeaconInterop(js), new StubAnonIdProvider("listener-42"), new TestNavigationManager());
var poster = new CapturingEventPoster();
var sink = PlaySink(poster, new CapturingJsRuntime(), "listener-42");
sink.EmitPlay("track-key", PlayBucket.Complete);
await sink.EmitPlayAsync("track-key", PlayBucket.Complete);
Assert.That(js.LastJson, Is.Not.Null);
Assert.That(ReadAnonId(js.LastJson!), Is.EqualTo("listener-42"));
Assert.That(poster.LastJson, Is.Not.Null);
Assert.That(ReadAnonId(poster.LastJson!), Is.EqualTo("listener-42"));
}
// A play emitted when the provider has no token (storage unavailable / not warmed) omits anonId
// entirely rather than sending anonId:null.
[Test]
public void PlaySink_WithoutAnonId_OmitsItFromPayload()
public async Task PlaySink_FetchArm_WithoutAnonId_OmitsItFromPayload()
{
var poster = new CapturingEventPoster();
var sink = PlaySink(poster, new CapturingJsRuntime(), null);
await sink.EmitPlayAsync("track-key", PlayBucket.Partial);
Assert.That(poster.LastJson, Is.Not.Null);
Assert.That(HasAnonIdProperty(poster.LastJson!), Is.False, "null anonId is omitted from the wire payload");
}
// --- Play sink, sendBeacon arm (page unload) ---
// The unload arm serializes the same payload through sendBeacon, carrying the token too.
[Test]
public void PlaySink_UnloadArm_WithAnonId_IncludesItInPayload()
{
var js = new CapturingJsRuntime();
var sink = new BeaconPlayEventSink(
new BeaconInterop(js), new StubAnonIdProvider(null), new TestNavigationManager());
var sink = PlaySink(new NoopEventPoster(), js, "listener-99");
sink.EmitPlay("track-key", PlayBucket.Partial);
sink.EmitPlayOnUnload("track-key", PlayBucket.Complete);
Assert.That(js.LastJson, Is.Not.Null);
Assert.That(HasAnonIdProperty(js.LastJson!), Is.False, "null anonId is omitted from the wire payload");
Assert.That(ReadAnonId(js.LastJson!), Is.EqualTo("listener-99"));
}
// --- Share tracker (always first-party fetch) ---
// A share recorded while the provider holds a token carries it in the payload.
[Test]
public void ShareTracker_WithAnonId_IncludesItInPayload()
{
var js = new CapturingJsRuntime();
var tracker = new ShareTracker(
new BeaconInterop(js), new StubAnonIdProvider("listener-7"), new TestNavigationManager());
var poster = new CapturingEventPoster();
var tracker = new ShareTracker(poster, new StubAnonIdProvider("listener-7"), new TestNavigationManager());
tracker.RecordShare(ShareTargetType.Track, "k", ShareChannel.Link);
Assert.That(js.LastJson, Is.Not.Null);
Assert.That(ReadAnonId(js.LastJson!), Is.EqualTo("listener-7"));
Assert.That(poster.LastJson, Is.Not.Null);
Assert.That(ReadAnonId(poster.LastJson!), Is.EqualTo("listener-7"));
}
// A share recorded with no token omits anonId from the payload.
[Test]
public void ShareTracker_WithoutAnonId_OmitsItFromPayload()
{
var js = new CapturingJsRuntime();
var tracker = new ShareTracker(
new BeaconInterop(js), new StubAnonIdProvider(null), new TestNavigationManager());
var poster = new CapturingEventPoster();
var tracker = new ShareTracker(poster, new StubAnonIdProvider(null), new TestNavigationManager());
tracker.RecordShare(ShareTargetType.Track, "k", ShareChannel.Link);
Assert.That(js.LastJson, Is.Not.Null);
Assert.That(HasAnonIdProperty(js.LastJson!), Is.False);
Assert.That(poster.LastJson, Is.Not.Null);
Assert.That(HasAnonIdProperty(poster.LastJson!), Is.False);
}
// A JS runtime that throws on every call — models localStorage interop being unavailable (private