fix: Console error on some cross-origin requests without NR CAT header #1407

Merged 1 commit on Mar 11, 2025

@cwli24 cwli24 commented Mar 5, 2025

XHR headers will be checked for the deprecated New Relic CAT header before calling getResponseHeader, which throws a console error if it does not exist for cross-origin requests.

Overview

getResponseHeader behavior when dealing with a nonexistent header:

  • It doesn’t show the error in console ("Refuse to get unsafe header") if the XHR is deemed same-origin (by browser). This only throws if it’s a cross-origin request. If the header DNE, it returns null.
  • There is a test for “xhr_no_cat” that doesn’t return the CAT header in the response. But it doesn’t throw because it requests from the same origin [:3333]/xhr_no_cat as the test-server.
  • Even if it requests from cross-origin (say, another port), it still won’t throw if it’s listed in Access-Control-Expose-Headers … which is the case for all responses from the test-server.
  • While the code does check that it's the "same origin" (from the agent's perspective) before running this method, there may have been some slip-through wherein the XHR is actually cross-origin but misinterpreted as same-origin by the agent.

Related Issue(s)

https://new-relic.atlassian.net/browse/NR-371864

Testing

Non-error (cannot be tracked via JSErrors feat) + difficult to test for.
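
The header-filter behaviour described in the comment above, as an added JavaScript example that is not code from this pull request or the agent: a stub XHR models the browser's CORS response-header filter (simplified, with no `*` wildcard or forbidden-header handling), and `readHeaderQuietly` is one possible guard built on `getAllResponseHeaders()`. `StubXhr`, `readHeaderQuietly`, the header name `X-NewRelic-App-Data` and the sample responses are assumptions for illustration.

```javascript
// Response headers a script may always read on a cross-origin response (Fetch spec).
const SAFELISTED = ['cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma'];
class StubXhr { // constructed stand-in for XMLHttpRequest, header access only
  constructor({ crossOrigin, headers }) {
    this.crossOrigin = crossOrigin;
    this.raw = new Map(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
    this.consoleErrors = []; // what the browser would log, recorded instead of printed
  }
  readable(name) { // name must already be lower-case
    if (!this.crossOrigin) return true;
    const exposed = (this.raw.get('access-control-expose-headers') || '')
      .split(',').map((s) => s.trim().toLowerCase());
    return SAFELISTED.includes(name) || exposed.includes(name);
  }
  getAllResponseHeaders() { // lists only what the filter lets through, never logs
    return [...this.raw].filter(([k]) => this.readable(k))
      .map(([k, v]) => `${k}: ${v}\r\n`).join('');
  }
  getResponseHeader(name) {
    const key = name.toLowerCase();
    if (!this.readable(key)) {
      this.consoleErrors.push(`Refused to get unsafe header "${name}"`);
      return null;
    }
    return this.raw.has(key) ? this.raw.get(key) : null;
  }
}
// Guard: consult getAllResponseHeaders() first and only then ask for the value.
function readHeaderQuietly(xhr, name) {
  const wanted = name.toLowerCase();
  const present = xhr.getAllResponseHeaders().split('\r\n')
    .some((line) => line.split(':')[0].trim().toLowerCase() === wanted);
  return present ? xhr.getResponseHeader(name) : null;
}
const CAT = 'X-NewRelic-App-Data'; // assumed header name; the page does not spell it out
function demo() {
  const bare = { 'Content-Type': 'application/json' }; // constructed responses
  const direct = new StubXhr({ crossOrigin: true, headers: bare });
  direct.getResponseHeader(CAT); // unguarded call on a cross-origin response
  const guarded = new StubXhr({ crossOrigin: true, headers: bare });
  const missing = readHeaderQuietly(guarded, CAT);
  const exposed = new StubXhr({ crossOrigin: true,
    headers: { ...bare, [CAT]: 'constructed-value', 'Access-Control-Expose-Headers': CAT } });
  return { directErrors: direct.consoleErrors.length, missing,
    guardedErrors: guarded.consoleErrors.length, exposedValue: readHeaderQuietly(exposed, CAT) };
}
console.log(demo());
```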


github-actions bot commented Mar 5, 2025

Asset Size Report

Merging this pull request will result in the following asset size changes:

| Agent | Asset | Previous Size | New Size | Diff |
| --- | --- | --- | --- | --- |
| lite | loader | 30.01 kB / 10.89 kB (gzip) | 30.01 kB / 10.89 kB (gzip) | 0% / 0% (gzip) |
| lite | async-chunk | 51.3 kB / 16.77 kB (gzip) | 51.3 kB / 16.77 kB (gzip) | 0% / 0% (gzip) |
| pro | loader | 52.13 kB / 17.95 kB (gzip) | 52.19 kB / 17.98 kB (gzip) | 0.1% / 0.14% (gzip) |
| pro | async-chunk | 100.3 kB / 30.63 kB (gzip) | 100.3 kB / 30.63 kB (gzip) | 0% / 0% (gzip) |
| spa | loader | 59.75 kB / 20.27 kB (gzip) | 59.8 kB / 20.3 kB (gzip) | 0.09% / 0.14% (gzip) |
| spa | async-chunk | 115.01 kB / 34.96 kB (gzip) | 115.01 kB / 34.96 kB (gzip) | 0% / 0% (gzip) |


codecov bot commented Mar 5, 2025

Codecov Report

Attention: Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.

Project coverage is 88.66%. Comparing base (d9d2787) to head (03197d7).
Report is 11 commits behind head on main.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| src/features/ajax/instrument/index.js | 33.33% | 1 Missing and 1 partial ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1407      +/-   ##
==========================================
- Coverage   88.67%   88.66%   -0.01%     
==========================================
  Files         170      169       -1     
  Lines        7416     7412       -4     
  Branches     1503     1509       +6     
==========================================
- Hits         6576     6572       -4     
- Misses        732      733       +1     
+ Partials      108      107       -1     

| Flag | Coverage Δ |
| --- | --- |
| integration-tests | 90.83% <100.00%> (-0.02%) ⬇️ |
| unit-tests | 79.91% <33.33%> (ø) |

Flags with carried forward coverage won't be shown.


@cwli24 cwli24 changed the title from "fix: Console error on some cross-origin requests without NewRelic CAT header" to "fix: Console error on some cross-origin requests without NR CAT header" Mar 5, 2025

github-actions bot commented Mar 6, 2025

Last ran on March 06, 2025 16:35:17 CST
Checking merge of (03197d7) into main (2b093e8)

@cwli24 cwli24 merged commit 6660c44 into main Mar 11, 2025
30 of 33 checks passed
@cwli24 cwli24 deleted the get-response-headers branch March 11, 2025 18:50