The Google Chrome Extension
The Google Chrome profiler extension the provides explicit control over the generation of traces on development and production servers.
|It is an optional component and not required for Tideways to work.
You can install the extension from the Chrome WebStore.
After installation, you can click on the Tideways icon next to the url location field. It opens a popup with a list of all projects that you have access to in Tideways.
You can start profiling by clicking Take Profile, next to the project whose site you are visiting in the currently active browser tab. The extension makes an effort to determine the project based on the domain. However, sometimes the information is not yet available and you have to pick it from the list.
Once you click Take Profile, the current page will automatically reload in the active tab and a full Timeline & Callgraph trace is collected for the current page, including all Ajax requests that get triggered immediately after the page reload.
If you keep the popup open during the reload, it will show a direct link to the generated traces if Tideways was able to process them in a five second window, otherwise you get a link to the list of all traces.
If you want to take profiles from more complex interactions, such as form submissions or Ajax calls that happen as part of an interaction on the site, then use you must open the dropdown of the "Take Profile" button, and select the "Profile for 15 seconds" option. This will start tracing for 15 seconds, and gives you enough time to trigger any form, POST or AJAX request that you want to profile.
Profiling through the Google Chrome extension works by setting a cookie with a short expiry for the domain you are visiting. The cookie contains profiling instructions and a cryptographic signature, which the server with the Tideways PHP extension verifies, using the secret API Key, using a strong HMAC as a security mechanism.
The Google Chrome extension uses your current login to Tideways (app.tideways.io) to request a hash that is valid for a short amount of time and stores this inside the cookie.
|Hashes are only valid for a short time and no secrets are ever stored in the Chrome extension.
The Tideways Google Chrome extension requires the following permissions:
- Cookies For All Domains
This is used to set the
TIDEWAYS_SESSIONcookie with a cryptographic hash, which triggers the profiling when found and verified by the Tideways PHP extension. We only ever read the
TIDEWAYS_SESSIONcookie and don’t access other cookies. The alternative implementation would have been to request
webRequestpermissions which would give the extension access to ALL request and response data inside Chrome.
- Active Tab
This permission is used to access the location/URL of the currently selected tab when pressing the Tideways extension browser action button. We use it to find out about the current URL and host to preselect the correct Tideways project for profiling and reload the active tab when activating profiling.
|None of the cookie or active tab data is sent back to Tideways servers, all calculations based on this data are performed inside the Chrome extension.