Security Reports MR Widget keeps fetching security reports even when not mounted

Summary

The Security Reports MR Widget continues to fetch security reports from the backend even when the widget component is not mounted or visible. This results in unnecessary API calls and resource consumption.

Problem Description

The security reports MR Widget keeps fetching the security_reports endpoint until the reports are ready, following the backend's Poll-Interval header instructions. However, as demonstrated in the attached screencast, the widget continues polling even when:

The MR widget does not appear in the UI
The component is unmounted
The user has navigated away from the merge request

This behavior leads to:

Unnecessary network requests
Increased server load
Poor resource utilization
Potential performance degradation

Current Behavior

Security Reports MR Widget starts polling the security_reports endpoint
Backend responds with Poll-Interval header instructing frontend to continue polling
Frontend continues polling regardless of component mount state
Polling persists even when widget is not visible or component is unmounted

Expected Behavior

Stop polling when the component is unmounted

Proposed Solution

Implement proper cleanup in the widget component to stop polling on unmount:

Add cleanup logic in component's beforeDestroy/unmounted lifecycle hook
Cancel ongoing polling requests when component is unmounted
Ensure polling state is properly reset

Steps to Reproduce

Unfortunately I have not enough context on when this happens. I'll try to debug more.

Evidence

security-metrics-keep-loading

Impact

Performance: Unnecessary API calls consume bandwidth and server resources
User Experience: Potential browser performance degradation
Infrastructure: Increased load on backend services

Labels

Edited Oct 23, 2025 by Savas Vedova