NGINX Express - HotJar Server #34
Description
Yarn Debug of HotJarJS
When cloning, testing and building HotJarJS from source.
Executing tasks: [:app:assembleDebug] in project /home/qenmity/AndroidStudioProjects/yarnhotjarts
> Task :app:mergeDebugNativeDebugMetadata NO-SOURCE
> Task :app:compileDebugShaders NO-SOURCE
> Task :app:mergeDebugNativeLibs NO-SOURCE
> Task :app:stripDebugDebugSymbols NO-SOURCE
> Task :app:compileDebugKotlin NO-SOURCE
> Task :app:compileDebugJavaWithJavac NO-SOURCE
> Task :app:processDebugJavaRes NO-SOURCENote: related to NGINX
Note: Although verbose and seemingly unrelated, these problems are arising during usage of the DevTools Source Debugger and my own local networks vulnerability scanners that globally check for jQuery patterns automatically.
Aug 08 14:34:38 penguin garcon[317]: [317]: Unknown method: message_type: MESSAGE_METHOD_CALL
destination: org.freedesktop.ScreenSaver
path: /org/freedesktop/ScreenSaver
interface: org.freedesktop.ScreenSaver
member: GetActive
sender: :1.82
serial: 7
Note: The issues usually stem from extremely intense jQuery builds on nginx web servers running the same JS packages:
Aug 08 14:37:58 penguin sommelier[267]: Key repeat discarded, Wayland compositor doesn't seem to be processing events fast enough!
2025-08-08 14:41:02.625 450-482 system_server system_server E Cannot obtain CPU frequency count
2025-08-08 14:41:02.625 450-482 system_server system_server E Cannot obtain CPU frequency count
2025-08-08 14:41:02.625 450-482 system_server system_server E Cannot obtain CPU frequency count
2025-08-08 14:41:02.625 450-482 system_server system_server E Cannot read thread CPU times for PID 450Note: Although verbose and seemingly unrelated, these problems are arising during usage of the DevTools Source Debugger and my own local networks vulnerability scanners that globally check for jQuery patterns automatically.
Thus, upon opening this investigation upon my local projects HotJarJS CDN. I have found that babel.config.js is primarily ran on the network from partnerstack.com which is a Cloudfront-Cache. Subsequently, debugging cache-hit errors has found the following scripts:
// webpack-34cdc05cbbe0fb1a.js
function m(e, t) {
var r = "undefined" != typeof Symbol && e[Symbol.iterator] || e["@@iterator"];
if (!r) {
if (Array.isArray(e) || (r = v(e)) || t && e && "number" == typeof e.length) {
r && (e = r);
var n = 0
, o = function() {};
return {// _app-a78b8e9ae94cf3cb.js
var e = t.prototype;
return e.insertRule = function(t, e) {
try {
return this.sheet.insertRule(e, t),
this.length++,
!0
} catch (t) {
return !1
}
}// 1496-5296ac27caaa08cb.js
var l = function() {
throw new a
}
, c = u ? function() {
try {
return arguments.callee,
l
} catch (e) {
try {
return u(arguments, "callee").get
} catch (e) {
return l
}
}Note: The website Bubbles the DOM as per normal. However, a deeper analysis of the tokens must be done in order to ensure proper data sensitization.
Source Findings Suggest that Amazon Cloudfront is the root cause of NGINX errors:
As evidenced by Hex Dump:
0000 00 16 3e 3d 26 11 00 16 3e dd 1c 8c 08 00 45 00 ..>=&...>.....E.
0010 00 34 b9 26 00 00 f3 06 94 7e 03 a6 b5 3b 64 73 .4.&.....~...;ds
0020 5c ca 01 bb 9d 46 21 91 ea 8b 2f c4 9a 06 80 10 \....F!.../.....
0030 00 83 df 4f 00 00 01 01 08 0a 30 87 da 81 20 98 ...O......0... .
0040 7c 41 |AAnd a network error:
Error 400: Bad Request
Via: 1.1 09bd981fa2f1f158d4c9bdff1b08aea2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA50-P4
X-Amz-Cf-Id: wHEY2-Tz0-KXUh2e-1m-d-3f-B7pq7HZHL2R59kIG-cjm2Y83n8dgw==Note: I understand the need for third-party scripts and vendors. However, this can be frustrating for users who do not have high-end builds. And makes it difficult when users are experiencing CPU throttling as a result of the intensive jQuery that is used as a "performance enhancer" on a web server.