[HOLD for payment 2022-07-25] [$250] Statement does not load in NewDot Desktop App #9713
Comments
thienlnam
added
Weekly
|
cc @justinpersaud since you've helped us on previous configuration issues - do we just need to include |
|
|
|
I assume it's not valid without the protocol, www.expensify.com is put there from the hostname here. We explicity imply it in these other configs https://github.com/Expensify/Salt/blob/3c6ac677d3a3e6d0dd7ee57b04fab523957525b6/shared_pkgs/nginx/files/conf.d/integrations.conf.template#L20-L20 so I'm guessing we can just start by adding it? |
|
yeah let's try that and see? according to the spec it should work though: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
|
|
wait, are you using the staging server on newdot? could it be because the request is coming from https://staging.new.expensify.com --> www.expensify.com |
|
Not on the staging server on newDot, unless it's something that's automatically added to my expensify account. Good point on the staging though, we'd also want this to work on staging so I will also add |
|
@thienlnam This one needs to be done on front end. Doing this change will fix it.
if(details.responseHeaders['content-security-policy']){
details.responseHeaders['content-security-policy'] = details.responseHeaders['content-security-policy'].map(v => v.startsWith('frame-ancestors') ? v + ` app://*` : v);
}
if(details.responseHeaders['content-security-policy']){
details.responseHeaders['content-security-policy'] = details.responseHeaders['content-security-policy'].map(v => v.startsWith('frame-ancestors') ? v + ` http://localhost:${process.env.PORT}` : v);
}Other solution could be to remove the CSP response headers all along. I am not sure of the security implications so I won't suggest it. |
What's the reasoning behind this, how come it isn't being recognized currently?
Yeah this is unlikely what we'd want to do |
|
On the desktop app, the app is loading with localhost URL on dev and with Previously we never used frames anywhere AFAIK so |
|
Interesting, thanks for the context. I agree this actually seems to be an issue we can fix on the front-end. Seems like we've already been running into this with access-control-allow-origin. We could just update our config to allow app://expensify... but I think the solution you provided makes more sense. Do you want to take this issue? |
|
Yup, I can do that. |
|
@thienlnam not sure if this is related #9670 |
|
@mvtglobally Yup, good catch - this is the same issue so I'm closing the other one |
thienlnam
added
External
|
Triggered auto assignment to @michaelhaxhiu ( |
|
This is now an external job - please also hire @parasharrajat as the contributor completing the PR |
|
@thienlnam I also found one issue #9712 (comment). Should I report it or you are aware of this? I also suggested a solution to that. |
|
We've been aware of the blank page - we don't return anything in various scenarios and we've talked about adding some kind of error message so it doesn't look like a bug. The way you mentioned is one way we could handle it, we've also thought about just returning an error dialog but we haven't really fleshed out the design of what this would look like yet so it's something that we need to do first |
|
Current assignee @parasharrajat is eligible for the Exported assigner, not assigning anyone new. |
melvin-bot
bot
added
the
Help Wanted
|
Current assignee @thienlnam is eligible for the Exported assigner, not assigning anyone new. |
melvin-bot
bot
changed the title
michaelhaxhiu
removed
the
Help Wanted
|
Job posted here - https://www.upwork.com/jobs/~01993059e1414b86b4, and invited Rajat :) |
melvin-bot
bot
added
Weekly
melvin-bot
bot
changed the title
|
The solution for this issue has been 🚀 deployed to production 🚀 in version 1.1.84-13 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue: If no regressions arise, payment will be issued on 2022-07-25. 🎊 |
|
paid |
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Action Performed:
Break down in numbered steps
Expected Result:
Describe what you think should've happened
Should show the statement
Actual Result:
Describe what actually happened
Shows a blank screen
Workaround:
Can the user still use Expensify without this being fixed? Have you informed them of the workaround?
Will have to view the statement on a non desktop application
Platform:
Where is this issue occurring?
Version Number:
Reproducible in staging?:
Reproducible in production?:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation
Upwork job link: https://www.upwork.com/jobs/~01993059e1414b86b4
View all open jobs on GitHub
The text was updated successfully, but these errors were encountered: