mixpanel-browser 2.76.0 → 2.78.0

package/dist/rrweb-bundled.js

@@ -9304,14 +9304,7 @@ class MutationBuffer {
       };
       while (this.mapRemoves.length) {
         const removedNode = this.mapRemoves.shift();
-        if (removedNode.nodeName === "IFRAME") {
-          try {
-            this.iframeManager.removeIframe(removedNode);
-          } catch (e2) {
-          }
-        } else {
-          this.stylesheetManager.cleanupStylesheetsForRemovedNode(removedNode);
-        }
+        this.cleanupRemovedNode(removedNode);
         this.mirror.removeNodeFromMap(removedNode);
       }
       for (const n2 of this.movedSet) {
@@ -9620,6 +9613,22 @@ class MutationBuffer {
         }
       }
     });
+    __publicField$1(this, "cleanupRemovedNode", (node2) => {
+      if (node2.nodeName === "IFRAME") {
+        try {
+          this.iframeManager.removeIframe(node2);
+        } catch (e2) {
+        }
+      } else {
+        try {
+          this.stylesheetManager.cleanupStylesheetsForRemovedNode(node2);
+        } catch (e2) {
+        }
+      }
+      node2.childNodes.forEach((child) => {
+        this.cleanupRemovedNode(child);
+      });
+    });
   }
   init(options) {
     [
@@ -11844,6 +11853,35 @@ class ProcessedNodeManager {
   destroy() {
   }
 }
+function toOrigin(url) {
+  try {
+    const origin = new URL(url).origin;
+    return origin !== "null" ? origin : null;
+  } catch {
+    return null;
+  }
+}
+function buildAllowedOriginSet(origins) {
+  if (!Array.isArray(origins) || origins.length === 0) {
+    throw new Error(
+      "[rrweb] allowedIframeOrigins must be a non-empty array of origin strings."
+    );
+  }
+  const set = /* @__PURE__ */ new Set();
+  for (let i2 = 0; i2 < origins.length; i2++) {
+    const entry = origins[i2];
+    if (typeof entry !== "string") {
+      throw new Error(
+        `[rrweb] allowedIframeOrigins[${i2}] must be a string, got ${typeof entry}.`
+      );
+    }
+    const origin = toOrigin(entry);
+    if (origin) {
+      set.add(origin);
+    }
+  }
+  return Object.freeze(set);
+}
 let wrappedEmit;
 let takeFullSnapshot$1;
 let canvasManager;
@@ -11884,6 +11922,7 @@ function record(options = {}) {
     recordDOM = true,
     recordCanvas = false,
     recordCrossOriginIframes = false,
+    allowedIframeOrigins,
     recordAfter = options.recordAfter === "DOMContentLoaded" ? options.recordAfter : "load",
     userTriggeredOnInput = false,
     collectFonts = false,
@@ -11894,6 +11933,13 @@ function record(options = {}) {
     errorHandler: errorHandler2
   } = options;
   registerErrorHandler(errorHandler2);
+  let validatedOrigins;
+  if (recordCrossOriginIframes && allowedIframeOrigins && allowedIframeOrigins.length > 0) {
+    validatedOrigins = buildAllowedOriginSet(allowedIframeOrigins);
+    if (validatedOrigins.size === 0) {
+      validatedOrigins = void 0;
+    }
+  }
   const inEmittingFrame = recordCrossOriginIframes ? window.parent === window : true;
   let passEmitsToParent = false;
   if (!inEmittingFrame) {
@@ -11981,7 +12027,13 @@ function record(options = {}) {
         origin: window.location.origin,
         isCheckout
       };
-      window.parent.postMessage(message, "*");
+      if (validatedOrigins) {
+        for (const targetOrigin of validatedOrigins) {
+          window.parent.postMessage(message, targetOrigin);
+        }
+      } else {
+        window.parent.postMessage(message, "*");
+      }
     }
     if (e2.type === EventType.FullSnapshot) {
       lastFullSnapshotEvent = e2;

package/dist/rrweb-compiled.js

@@ -10695,13 +10695,7 @@ var MutationBuffer = /*#__PURE__*/ function() {
             };
             while(_this.mapRemoves.length){
                 var removedNode = _this.mapRemoves.shift();
-                if (removedNode.nodeName === "IFRAME") {
-                    try {
-                        _this.iframeManager.removeIframe(removedNode);
-                    } catch (e2) {}
-                } else {
-                    _this.stylesheetManager.cleanupStylesheetsForRemovedNode(removedNode);
-                }
+                _this.cleanupRemovedNode(removedNode);
                 _this.mirror.removeNodeFromMap(removedNode);
             }
             for(var _iterator = _create_for_of_iterator_helper_loose(_this.movedSet), _step; !(_step = _iterator()).done;){
@@ -11021,6 +11015,20 @@ var MutationBuffer = /*#__PURE__*/ function() {
                 }
             }
         });
+        __publicField$1(this, "cleanupRemovedNode", function(node2) {
+            if (node2.nodeName === "IFRAME") {
+                try {
+                    _this.iframeManager.removeIframe(node2);
+                } catch (e2) {}
+            } else {
+                try {
+                    _this.stylesheetManager.cleanupStylesheetsForRemovedNode(node2);
+                } catch (e2) {}
+            }
+            node2.childNodes.forEach(function(child) {
+                _this.cleanupRemovedNode(child);
+            });
+        });
     }
     var _proto = MutationBuffer.prototype;
     _proto.init = function init(options) {
@@ -13248,6 +13256,31 @@ var ProcessedNodeManager = /*#__PURE__*/ function() {
     _proto.destroy = function destroy() {};
     return ProcessedNodeManager;
 }();
+function toOrigin(url) {
+    try {
+        var origin = new URL(url).origin;
+        return origin !== "null" ? origin : null;
+    } catch (e) {
+        return null;
+    }
+}
+function buildAllowedOriginSet(origins) {
+    if (!Array.isArray(origins) || origins.length === 0) {
+        throw new Error("[rrweb] allowedIframeOrigins must be a non-empty array of origin strings.");
+    }
+    var set = /* @__PURE__ */ new Set();
+    for(var i2 = 0; i2 < origins.length; i2++){
+        var entry = origins[i2];
+        if (typeof entry !== "string") {
+            throw new Error("[rrweb] allowedIframeOrigins[" + i2 + "] must be a string, got " + (typeof entry === "undefined" ? "undefined" : _type_of(entry)) + ".");
+        }
+        var origin = toOrigin(entry);
+        if (origin) {
+            set.add(origin);
+        }
+    }
+    return Object.freeze(set);
+}
 var wrappedEmit;
 var takeFullSnapshot$1;
 var canvasManager;
@@ -13269,10 +13302,17 @@ try {
 var mirror = createMirror$2();
 function record(options) {
     if (options === void 0) options = {};
-    var emit = options.emit, checkoutEveryNms = options.checkoutEveryNms, checkoutEveryNth = options.checkoutEveryNth, _options_blockClass = options.blockClass, blockClass = _options_blockClass === void 0 ? "rr-block" : _options_blockClass, _options_blockSelector = options.blockSelector, blockSelector = _options_blockSelector === void 0 ? null : _options_blockSelector, _options_ignoreClass = options.ignoreClass, ignoreClass = _options_ignoreClass === void 0 ? "rr-ignore" : _options_ignoreClass, _options_ignoreSelector = options.ignoreSelector, ignoreSelector = _options_ignoreSelector === void 0 ? null : _options_ignoreSelector, _options_maskTextClass = options.maskTextClass, maskTextClass = _options_maskTextClass === void 0 ? "rr-mask" : _options_maskTextClass, _options_maskTextSelector = options.maskTextSelector, maskTextSelector = _options_maskTextSelector === void 0 ? null : _options_maskTextSelector, _options_inlineStylesheet = options.inlineStylesheet, inlineStylesheet = _options_inlineStylesheet === void 0 ? true : _options_inlineStylesheet, maskAllInputs = options.maskAllInputs, _maskInputOptions = options.maskInputOptions, _slimDOMOptions = options.slimDOMOptions, maskInputFn = options.maskInputFn, maskTextFn = options.maskTextFn, hooks = options.hooks, packFn = options.packFn, _options_sampling = options.sampling, sampling = _options_sampling === void 0 ? {} : _options_sampling, _options_dataURLOptions = options.dataURLOptions, dataURLOptions = _options_dataURLOptions === void 0 ? {} : _options_dataURLOptions, mousemoveWait = options.mousemoveWait, _options_recordDOM = options.recordDOM, recordDOM = _options_recordDOM === void 0 ? true : _options_recordDOM, _options_recordCanvas = options.recordCanvas, recordCanvas = _options_recordCanvas === void 0 ? false : _options_recordCanvas, _options_recordCrossOriginIframes = options.recordCrossOriginIframes, recordCrossOriginIframes = _options_recordCrossOriginIframes === void 0 ? false : _options_recordCrossOriginIframes, _options_recordAfter = options.recordAfter, recordAfter = _options_recordAfter === void 0 ? options.recordAfter === "DOMContentLoaded" ? options.recordAfter : "load" : _options_recordAfter, _options_userTriggeredOnInput = options.userTriggeredOnInput, userTriggeredOnInput = _options_userTriggeredOnInput === void 0 ? false : _options_userTriggeredOnInput, _options_collectFonts = options.collectFonts, collectFonts = _options_collectFonts === void 0 ? false : _options_collectFonts, _options_inlineImages = options.inlineImages, inlineImages = _options_inlineImages === void 0 ? false : _options_inlineImages, plugins = options.plugins, _options_keepIframeSrcFn = options.keepIframeSrcFn, keepIframeSrcFn = _options_keepIframeSrcFn === void 0 ? function() {
+    var emit = options.emit, checkoutEveryNms = options.checkoutEveryNms, checkoutEveryNth = options.checkoutEveryNth, _options_blockClass = options.blockClass, blockClass = _options_blockClass === void 0 ? "rr-block" : _options_blockClass, _options_blockSelector = options.blockSelector, blockSelector = _options_blockSelector === void 0 ? null : _options_blockSelector, _options_ignoreClass = options.ignoreClass, ignoreClass = _options_ignoreClass === void 0 ? "rr-ignore" : _options_ignoreClass, _options_ignoreSelector = options.ignoreSelector, ignoreSelector = _options_ignoreSelector === void 0 ? null : _options_ignoreSelector, _options_maskTextClass = options.maskTextClass, maskTextClass = _options_maskTextClass === void 0 ? "rr-mask" : _options_maskTextClass, _options_maskTextSelector = options.maskTextSelector, maskTextSelector = _options_maskTextSelector === void 0 ? null : _options_maskTextSelector, _options_inlineStylesheet = options.inlineStylesheet, inlineStylesheet = _options_inlineStylesheet === void 0 ? true : _options_inlineStylesheet, maskAllInputs = options.maskAllInputs, _maskInputOptions = options.maskInputOptions, _slimDOMOptions = options.slimDOMOptions, maskInputFn = options.maskInputFn, maskTextFn = options.maskTextFn, hooks = options.hooks, packFn = options.packFn, _options_sampling = options.sampling, sampling = _options_sampling === void 0 ? {} : _options_sampling, _options_dataURLOptions = options.dataURLOptions, dataURLOptions = _options_dataURLOptions === void 0 ? {} : _options_dataURLOptions, mousemoveWait = options.mousemoveWait, _options_recordDOM = options.recordDOM, recordDOM = _options_recordDOM === void 0 ? true : _options_recordDOM, _options_recordCanvas = options.recordCanvas, recordCanvas = _options_recordCanvas === void 0 ? false : _options_recordCanvas, _options_recordCrossOriginIframes = options.recordCrossOriginIframes, recordCrossOriginIframes = _options_recordCrossOriginIframes === void 0 ? false : _options_recordCrossOriginIframes, allowedIframeOrigins = options.allowedIframeOrigins, _options_recordAfter = options.recordAfter, recordAfter = _options_recordAfter === void 0 ? options.recordAfter === "DOMContentLoaded" ? options.recordAfter : "load" : _options_recordAfter, _options_userTriggeredOnInput = options.userTriggeredOnInput, userTriggeredOnInput = _options_userTriggeredOnInput === void 0 ? false : _options_userTriggeredOnInput, _options_collectFonts = options.collectFonts, collectFonts = _options_collectFonts === void 0 ? false : _options_collectFonts, _options_inlineImages = options.inlineImages, inlineImages = _options_inlineImages === void 0 ? false : _options_inlineImages, plugins = options.plugins, _options_keepIframeSrcFn = options.keepIframeSrcFn, keepIframeSrcFn = _options_keepIframeSrcFn === void 0 ? function() {
         return false;
     } : _options_keepIframeSrcFn, _options_ignoreCSSAttributes = options.ignoreCSSAttributes, ignoreCSSAttributes = _options_ignoreCSSAttributes === void 0 ? /* @__PURE__ */ new Set([]) : _options_ignoreCSSAttributes, errorHandler2 = options.errorHandler;
     registerErrorHandler(errorHandler2);
+    var validatedOrigins;
+    if (recordCrossOriginIframes && allowedIframeOrigins && allowedIframeOrigins.length > 0) {
+        validatedOrigins = buildAllowedOriginSet(allowedIframeOrigins);
+        if (validatedOrigins.size === 0) {
+            validatedOrigins = void 0;
+        }
+    }
     var inEmittingFrame = recordCrossOriginIframes ? window.parent === window : true;
     var passEmitsToParent = false;
     if (!inEmittingFrame) {
@@ -13364,7 +13404,14 @@ function record(options) {
                 origin: window.location.origin,
                 isCheckout: isCheckout
             };
-            window.parent.postMessage(message, "*");
+            if (validatedOrigins) {
+                for(var _iterator = _create_for_of_iterator_helper_loose(validatedOrigins), _step; !(_step = _iterator()).done;){
+                    var targetOrigin = _step.value;
+                    window.parent.postMessage(message, targetOrigin);
+                }
+            } else {
+                window.parent.postMessage(message, "*");
+            }
         }
         if (e2.type === EventType.FullSnapshot) {
             lastFullSnapshotEvent = e2;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mixpanel-browser",
-  "version": "2.76.0",
+  "version": "2.78.0",
   "description": "The official Mixpanel JavaScript browser client library",
   "main": "dist/mixpanel.cjs.js",
   "module": "dist/mixpanel.module.js",
@@ -91,9 +91,10 @@
     "webpack": "1.12.2"
   },
   "dependencies": {
-    "@mixpanel/rrweb": "2.0.0-alpha.18.3",
-    "@mixpanel/rrweb-plugin-console-record": "2.0.0-alpha.18.3",
-    "@mixpanel/rrweb-utils": "2.0.0-alpha.18.3",
-    "json-logic-js": "2.0.5"
+    "@mixpanel/rrweb": "2.0.0-alpha.18.4",
+    "@mixpanel/rrweb-plugin-console-record": "2.0.0-alpha.18.4",
+    "@mixpanel/rrweb-utils": "2.0.0-alpha.18.4",
+    "json-logic-js": "2.0.5",
+    "@types/json-logic-js": "2.0.5"
   }
 }

package/src/config.js

@@ -1,6 +1,6 @@
 export var Config = {
     DEBUG: false,
-    LIB_VERSION: '2.76.0'
+    LIB_VERSION: '2.78.0'
 };
 
 // Window global names for async modules

package/src/flags/CLAUDE.md

@@ -0,0 +1,24 @@
+# Flags Module
+
+## Testing
+- Test runner is **mocha** (not jest): `BABEL_ENV=test npx mocha --require babel-core/register tests/unit/flags.js`
+- Unit tests live in `tests/unit/flags.js`
+
+## Code style
+- ES5 prototypal classes — no arrow functions, no ES6 classes
+- Use `.bind(this)` for `this` context in promise `.then()` / `.catch()` callbacks
+- Flat promise chains preferred over nested `.then()` inside `.then()`
+
+## Public API pattern
+- Snake-case aliases are registered at the bottom of `index.js` (e.g., `prototype['load_flags'] = prototype.loadFlags`)
+- New public methods need both the camelCase implementation and a snake_case alias
+
+## Error handling convention
+- `fetchFlags()` always rejects on error (single `.catch` that logs and re-throws)
+- Fire-and-forget callers (`init`, `updateContext`, `mixpanel-core.js` identify call) swallow errors at the call site with `.catch(function() {})`
+- User-facing methods like `loadFlags` propagate rejections so the caller can handle them
+
+## Key files
+- `src/flags/index.js` — `FeatureFlagManager` class (fetch, load, variants, first-time events)
+- `src/mixpanel-core.js` — calls `fetchFlags()` on distinct_id change (~line 1764)
+- `tests/unit/flags.js` — all flag unit tests

package/src/flags/index.js

@@ -53,7 +53,9 @@ FeatureFlagManager.prototype.init = function() {
     }
 
     this.flags = null;
-    this.fetchFlags();
+    this.fetchFlags().catch(function() {
+        logger.error('Error fetching flags during init');
+    });
 
     this.trackedFeatures = new Set();
     this.pendingFirstTimeEvents = {};
@@ -94,8 +96,12 @@ FeatureFlagManager.prototype.updateContext = function(newContext, options) {
     var oldContext = (options && options['replace']) ? {} : this.getConfig(CONFIG_CONTEXT);
     ffConfig[CONFIG_CONTEXT] = _.extend({}, oldContext, newContext);
 
-    this.setMpConfig(FLAGS_CONFIG_KEY, ffConfig);
-    return this.fetchFlags();
+    var configUpdate = {};
+    configUpdate[FLAGS_CONFIG_KEY] = ffConfig;
+    this.setMpConfig(configUpdate);
+    return this.fetchFlags().catch(function() {
+        logger.error('Error fetching flags during updateContext');
+    });
 };
 
 FeatureFlagManager.prototype.areFlagsReady = function() {
@@ -132,96 +138,110 @@ FeatureFlagManager.prototype.fetchFlags = function() {
         }
     }).then(function(response) {
         this.markFetchComplete();
-        return response.json().then(function(responseBody) {
-            var responseFlags = responseBody['flags'];
-            if (!responseFlags) {
-                throw new Error('No flags in API response');
-            }
-            var flags = new Map();
-            var pendingFirstTimeEvents = {};
-
-            // Process flags from response
-            _.each(responseFlags, function(data, key) {
-                // Check if this flag has any activated first-time events this session
-                var hasActivatedEvent = false;
-                var prefix = key + ':';
-                _.each(this.activatedFirstTimeEvents, function(activated, eventKey) {
-                    if (eventKey.startsWith(prefix)) {
-                        hasActivatedEvent = true;
-                    }
-                });
-
-                if (hasActivatedEvent) {
-                    // Preserve the activated variant, don't overwrite with server's current variant
-                    var currentFlag = this.flags && this.flags.get(key);
-                    if (currentFlag) {
-                        flags.set(key, currentFlag);
-                    }
-                } else {
-                    // Use server's current variant
-                    flags.set(key, {
-                        'key': data['variant_key'],
-                        'value': data['variant_value'],
-                        'experiment_id': data['experiment_id'],
-                        'is_experiment_active': data['is_experiment_active'],
-                        'is_qa_tester': data['is_qa_tester']
-                    });
+        return response.json();
+    }.bind(this)).then(function(responseBody) {
+        var responseFlags = responseBody['flags'];
+        if (!responseFlags) {
+            throw new Error('No flags in API response');
+        }
+        var flags = new Map();
+        var pendingFirstTimeEvents = {};
+
+        // Process flags from response
+        _.each(responseFlags, function(data, key) {
+            // Check if this flag has any activated first-time events this session
+            var hasActivatedEvent = false;
+            var prefix = key + ':';
+            _.each(this.activatedFirstTimeEvents, function(activated, eventKey) {
+                if (eventKey.startsWith(prefix)) {
+                    hasActivatedEvent = true;
                 }
-            }, this);
+            });
 
-            // Process top-level pending_first_time_events array
-            var topLevelDefinitions = responseBody['pending_first_time_events'];
-            if (topLevelDefinitions && topLevelDefinitions.length > 0) {
-                _.each(topLevelDefinitions, function(def) {
-                    var flagKey = def['flag_key'];
-                    var eventKey = getPendingEventKey(flagKey, def['first_time_event_hash']);
-
-                    // Skip if this specific event has already been activated this session
-                    if (this.activatedFirstTimeEvents[eventKey]) {
-                        return;
-                    }
-
-                    // Store pending event definition using composite key
-                    pendingFirstTimeEvents[eventKey] = {
-                        'flag_key': flagKey,
-                        'flag_id': def['flag_id'],
-                        'project_id': def['project_id'],
-                        'first_time_event_hash': def['first_time_event_hash'],
-                        'event_name': def['event_name'],
-                        'property_filters': def['property_filters'],
-                        'pending_variant': def['pending_variant']
-                    };
-                }, this);
+            if (hasActivatedEvent) {
+                // Preserve the activated variant, don't overwrite with server's current variant
+                var currentFlag = this.flags && this.flags.get(key);
+                if (currentFlag) {
+                    flags.set(key, currentFlag);
+                }
+            } else {
+                // Use server's current variant
+                flags.set(key, {
+                    'key': data['variant_key'],
+                    'value': data['variant_value'],
+                    'experiment_id': data['experiment_id'],
+                    'is_experiment_active': data['is_experiment_active'],
+                    'is_qa_tester': data['is_qa_tester']
+                });
             }
+        }, this);
+
+        // Process top-level pending_first_time_events array
+        var topLevelDefinitions = responseBody['pending_first_time_events'];
+        if (topLevelDefinitions && topLevelDefinitions.length > 0) {
+            _.each(topLevelDefinitions, function(def) {
+                var flagKey = def['flag_key'];
+                var eventKey = getPendingEventKey(flagKey, def['first_time_event_hash']);
+
+                // Skip if this specific event has already been activated this session
+                if (this.activatedFirstTimeEvents[eventKey]) {
+                    return;
+                }
 
-            // Preserve any activated orphaned flags (flags that were activated but are no longer in response)
-            if (this.activatedFirstTimeEvents) {
-                _.each(this.activatedFirstTimeEvents, function(activated, eventKey) {
-                    var flagKey = getFlagKeyFromPendingEventKey(eventKey);
-                    if (activated && !flags.has(flagKey) && this.flags && this.flags.has(flagKey)) {
-                        // Keep the activated flag even though it's not in the new response
-                        flags.set(flagKey, this.flags.get(flagKey));
-                    }
-                }, this);
-            }
+                // Store pending event definition using composite key
+                pendingFirstTimeEvents[eventKey] = {
+                    'flag_key': flagKey,
+                    'flag_id': def['flag_id'],
+                    'project_id': def['project_id'],
+                    'first_time_event_hash': def['first_time_event_hash'],
+                    'event_name': def['event_name'],
+                    'property_filters': def['property_filters'],
+                    'pending_variant': def['pending_variant']
+                };
+            }, this);
+        }
 
-            this.flags = flags;
-            this.pendingFirstTimeEvents = pendingFirstTimeEvents;
-            this._traceparent = traceparent;
+        // Preserve any activated orphaned flags (flags that were activated but are no longer in response)
+        if (this.activatedFirstTimeEvents) {
+            _.each(this.activatedFirstTimeEvents, function(activated, eventKey) {
+                var flagKey = getFlagKeyFromPendingEventKey(eventKey);
+                if (activated && !flags.has(flagKey) && this.flags && this.flags.has(flagKey)) {
+                    // Keep the activated flag even though it's not in the new response
+                    flags.set(flagKey, this.flags.get(flagKey));
+                }
+            }, this);
+        }
 
-            this._loadTargetingIfNeeded();
-        }.bind(this)).catch(function(error) {
-            this.markFetchComplete();
-            logger.error(error);
-        }.bind(this));
+        this.flags = flags;
+        this.pendingFirstTimeEvents = pendingFirstTimeEvents;
+        this._traceparent = traceparent;
+
+        this._loadTargetingIfNeeded();
     }.bind(this)).catch(function(error) {
-        this.markFetchComplete();
+        if (this._fetchInProgressStartTime) {
+            this.markFetchComplete();
+        }
         logger.error(error);
+        throw error;
     }.bind(this));
 
     return this.fetchPromise;
 };
 
+FeatureFlagManager.prototype.loadFlags = function() {
+    if (!this.isSystemEnabled()) {
+        return Promise.resolve();
+    }
+    if (!this.trackedFeatures) {
+        logger.error('loadFlags called before init');
+        return Promise.resolve();
+    }
+    if (this._fetchInProgressStartTime) {
+        return this.fetchPromise;
+    }
+    return this.fetchFlags();
+};
+
 FeatureFlagManager.prototype.markFetchComplete = function() {
     if (!this._fetchInProgressStartTime) {
         logger.error('Fetch in progress started time not set, cannot mark fetch complete');
@@ -501,6 +521,13 @@ FeatureFlagManager.prototype.trackFeatureCheck = function(featureName, feature)
     this.track('$experiment_started', trackingProperties);
 };
 
+FeatureFlagManager.prototype.whenReady = function() {
+    if (this.fetchPromise) {
+        return this.fetchPromise;
+    }
+    return Promise.resolve();
+};
+
 FeatureFlagManager.prototype.minApisSupported = function() {
     return !!this.fetch &&
       typeof Promise !== 'undefined' &&
@@ -517,7 +544,9 @@ FeatureFlagManager.prototype['get_variant_value'] = FeatureFlagManager.prototype
 FeatureFlagManager.prototype['get_variant_value_sync'] = FeatureFlagManager.prototype.getVariantValueSync;
 FeatureFlagManager.prototype['is_enabled'] = FeatureFlagManager.prototype.isEnabled;
 FeatureFlagManager.prototype['is_enabled_sync'] = FeatureFlagManager.prototype.isEnabledSync;
+FeatureFlagManager.prototype['load_flags'] = FeatureFlagManager.prototype.loadFlags;
 FeatureFlagManager.prototype['update_context'] = FeatureFlagManager.prototype.updateContext;
+FeatureFlagManager.prototype['when_ready'] = FeatureFlagManager.prototype.whenReady;
 
 // Deprecated method
 FeatureFlagManager.prototype['get_feature_data'] = FeatureFlagManager.prototype.getFeatureData;

package/src/index.d.ts

@@ -252,11 +252,12 @@ export interface Config {
   record_mask_all_inputs: boolean;
   record_min_ms: number;
   record_max_ms: number;
-  record_sessions_percent: number;
+  record_allowed_iframe_origins: string[];
   record_canvas: boolean;
   recording_event_triggers: RecordingEventTriggers;
   record_heatmap_data: boolean;
   remote_settings_mode: RemoteSettingType;
+  record_sessions_percent: number;
   hooks: {
     before_identify?: (new_distinct_id: string) => string | null;
     before_register?: (
@@ -356,6 +357,7 @@ export interface FlagsUpdateContextOptions {
 
 export interface FlagsManager {
   are_flags_ready(): boolean;
+  load_flags(): Promise<void>;
   get_variant(
     featureName: string,
     fallback: FlagsVariant

package/src/mixpanel-core.js

@@ -64,7 +64,6 @@ var INIT_SNIPPET = 1;
 /** @const */ var SETTING_FALLBACK      = 'fallback';
 /** @const */ var SETTING_DISABLED      = 'disabled';
 
-
 /*
  * Dynamic... constants? Is that an oxymoron?
  */
@@ -149,6 +148,7 @@ var DEFAULT_CONFIG = {
     'batch_request_timeout_ms':          90000,
     'batch_autostart':                   true,
     'hooks':                             {},
+    'record_allowed_iframe_origins':     [],
     'record_block_class':                new RegExp('^(mp-block|fs-exclude|amp-block|rr-block|ph-no-capture)$'),
     'record_block_selector':             'img, video, audio',
     'record_canvas':                     false,
@@ -1724,7 +1724,9 @@ MixpanelLib.prototype.identify = function(
 
     // check feature flags again if distinct id has changed
     if (new_distinct_id !== previous_distinct_id) {
-        this.flags.fetchFlags();
+        this.flags.fetchFlags().catch(function() {
+            console.error('[flags] Error fetching flags during identify');
+        });
     }
 };
 

package/src/recorder/session-recording.js

@@ -10,7 +10,7 @@ import { addOptOutCheckMixpanelLib } from '../gdpr-utils';
 import { RequestBatcher } from '../request-batcher';
 
 import { Config } from '../config';
-import { RECORD_ENQUEUE_THROTTLE_MS } from './utils';
+import { RECORD_ENQUEUE_THROTTLE_MS, validateAllowedOrigins } from './utils';
 import { shouldMaskInput, shouldMaskText, getPrivacyConfig } from './masking';
 import { getRecordNetworkPlugin } from './rrweb-network-plugin';
 
@@ -265,6 +265,8 @@ SessionRecording.prototype.startRecording = function (shouldStopBatcher) {
         );
     }
 
+    var validatedOrigins = validateAllowedOrigins(this.getConfig('record_allowed_iframe_origins'), logger);
+
     try {
         this._stopRecording = this._rrwebRecord({
             'emit': function (ev) {
@@ -299,6 +301,8 @@ SessionRecording.prototype.startRecording = function (shouldStopBatcher) {
             'maskTextSelector': '*',
             'maskInputFn': this._getMaskFn(shouldMaskInput, privacyConfig),
             'maskTextFn': this._getMaskFn(shouldMaskText, privacyConfig),
+            'recordCrossOriginIframes': validatedOrigins.length > 0,
+            'allowedIframeOrigins': validatedOrigins,
             'recordCanvas': this.getConfig('record_canvas'),
             'sampling': {
                 'canvas': 15

package/src/recorder/utils.js

@@ -1,3 +1,5 @@
+import { _ } from '../utils';
+
 /**
  * @param {import('./session-recording').SerializedRecording} serializedRecording
  * @returns {boolean}
@@ -10,7 +12,31 @@ var isRecordingExpired = function(serializedRecording) {
 
 var RECORD_ENQUEUE_THROTTLE_MS = 250;
 
+var validateAllowedOrigins = function(origins, logger) {
+    if (!_.isArray(origins)) {
+        if (origins) {
+            logger.critical('record_allowed_iframe_origins must be an array of origin strings, cross-origin recording will be disabled.');
+        }
+        return [];
+    }
+    var valid = [];
+    for (var i = 0; i < origins.length; i++) {
+        try {
+            var origin = new URL(origins[i]).origin;
+            if (origin === 'null') {
+                logger.critical(origins[i] + ' has an opaque origin. Skipping this entry.');
+                continue;
+            }
+            valid.push(origin);
+        } catch (e) {
+            logger.critical(origins[i] + ' is not a valid origin URL. Skipping this entry.');
+        }
+    }
+    return valid;
+};
+
 export {
     isRecordingExpired,
-    RECORD_ENQUEUE_THROTTLE_MS
+    RECORD_ENQUEUE_THROTTLE_MS,
+    validateAllowedOrigins
 };