The Chrome extension for the Profiler provides you with explicit control over the generation of traces on development and production servers. It is an optional component and not required for Tideways to work.
You can install the extension from the Chrome WebStore.
After installation you can click on the Tideways Icon next to the url location field. It opens a popup with a list of all applications that you have access to in Tideways.
You can start profiling by pressing the "Take Profile" button next to the application whose site you are visiting in the currently active browser tab.
The extension makes an effort to find out the application based on the domain, but sometimes the information is not yet available and you have to pick it from the list.
Once you clicked "Take Profile", the current page will automatically reload in the active tab and a full Timeline & Callgraph trace is collected for the current page, including all Ajax requests that get triggered immediately after the page reload. If you keep the popup open during the reload, it will show a direct link to the generated traces if Tideways was able to process them in a five second window, otherwise you get a link to the list of all traces.
If you want to take profiles from more complex interactions such as Form submissions or Ajax calls that happen as part of an interaction on the site, then use you must open the Dropdown of the "Take Profile" button and select the "Profile for 15 seconds" option. This will start tracing for 15 seconds and gives you enough time to trigger any form, POST or ajax request that you want to profile.
How it works
Profiling through the Chrome extension works by setting a cookie with a short expiry for the domain you are visiting. The cookie contains profiling instructions and a cryptographic signature, which the server with Tideways PHP extension verifies using the secret API Key using a strong HMAC as a security mechanism.
The chrome extension uses your current login to Tideways (app.tideways.io) to request a hash that is valid for a short amount of time and stores this inside the cookie. Hashes are only valid for a short time and no secrets are ever stored in the Chrome extension.
Required Chrome Permissions
The Tideways Chrome extension requires the following permissions:
Cookies for all domains is used to set the
TIDEWAYS_SESSIONcookie with a cryptographic hash which triggers the profiling when found and verified by the Tideways PHP extension. We only ever read the
TIDEWAYS_SESSIONcookie and don't access other cookies. The alternative implementation would have been to request
webRequestpermissions which would give the extension access to ALL request and response data inside Chrome.
Active Tab permission is used to access the location/URL of the currently selected tab when pressing the Tideways extension browser action button. We use it to find out about the current URL and Host to preselect the correct Tideways application for profiling and reload the active tab when activating profiling.
None of the cookie or active tab data is sent back to Tideways servers, all calculations based on this data are performed inside the Chrome extension.