You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Proposal: #9713 (comment)
On the desktop app, the app is loading with localhost URL on dev and app:// on production. CSP policy will fail if URLs do not match with what is specified in frame-ancestors.
On electron, intercept the requests calls and manage the response headers for CSP before that calls are received on the frontend.
Change the app URL from console to statements/202201/.
Check that page is loaded on Dev build as well as staging.
Verify that no errors appear in the JS console
PR Review Checklist
Contributor (PR Author) Checklist
I linked the correct issue in the ### Fixed Issues section above
I wrote clear testing steps that cover the changes made in this PR
I added steps for local testing in the Tests section
I added steps for Staging and/or Production testing in the QA steps section
I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
I included screenshots or videos for tests on all platforms
I ran the tests on all platforms & verified they passed on:
iOS / native
Android / native
iOS / Safari
Android / Chrome
MacOS / Chrome
MacOS / Desktop
I verified there are no console errors (if there’s a console error not related to the PR, report it or open an issue for it to be fixed)
I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
I verified that comments were added to code that is not self explanatory
I verified that any new or modified comments were clear, correct English, and explained “why” the code was doing something instead of only explaining “what” the code was doing.
I verified any copy / text shown in the product was added in all src/languages/* files
I verified any copy / text that was added to the app is correct English and approved by marketing by tagging the marketing team on the original GH to get the correct copy.
I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named “index.js”. All platform-specific files are named for the platform the code supports as outlined in the README.
I verified the JSDocs style guidelines (in STYLE.md) were followed
If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
If a new component is created I verified that:
A similar component doesn't exist in the codebase
All props are defined accurately and each prop has a /** comment above it */
Any functional components have the displayName property
The file is named correctly
The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
The only data being stored in the state is data necessary for rendering and nothing else
For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
All JSX used for rendering exists in the render method
The component has the minimum amount of code necessary for its purpose and it is
If a new CSS style is added I verified that:
A similar style doesn’t already exist
The style can’t be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
PR Reviewer Checklist
I verified the correct issue is linked in the ### Fixed Issues section above
I verified testing steps are clear and they cover the changes made in this PR
I verified the steps for local testing are in the Tests section
I verified the steps for Staging and/or Production testing are in the QA steps section
I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
I checked that screenshots or videos are included for tests on all platforms
I verified tests pass on all platforms & I tested again on:
iOS / native
Android / native
iOS / Safari
Android / Chrome
MacOS / Chrome
MacOS / Desktop
I verified there are no console errors (if there’s a console error not related to the PR, report it or open an issue for it to be fixed)
I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
I verified that comments were added to code that is not self explanatory
I verified that any new or modified comments were clear, correct English, and explained “why” the code was doing something instead of only explaining “what” the code was doing.
I verified any copy / text shown in the product was added in all src/languages/* files
I verified any copy / text that was added to the app is correct English and approved by marketing by tagging the marketing team on the original GH to get the correct copy.
I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named “index.js”. All platform-specific files are named for the platform the code supports as outlined in the README.
I verified the JSDocs style guidelines (in STYLE.md) were followed
If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
I verified that this PR follows the guidelines as stated in the Review Guidelines
I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
If a new component is created I verified that:
A similar component doesn't exist in the codebase
All props are defined accurately and each prop has a /** comment above it */
Any functional components have the displayName property
The file is named correctly
The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
The only data being stored in the state is data necessary for rendering and nothing else
For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
All JSX used for rendering exists in the render method
The component has the minimum amount of code necessary for its purpose and it is broken down into smaller components in order to separate concerns and functions
If a new CSS style is added I verified that:
A similar style doesn’t already exist
The style can’t be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
QA Steps
(Needs to be production QA)
Ping me or any other expensify employee
Have them open the desktop app
Go to their concierge chat and go to one of the statement messages
Click on the statement link
It should load successfully
Verify that no errors appear in the JS console
Screenshots
Web
Since URL is localhost. I am not sure how to test it there.
@thienlnam Could you please test the Production build of the desktop app? Also, let me know how to navigate to statements page so that I can add it to the QA steps for QA.
@thienlnam Could you please Production build of the desktop app? Also, let me know to navigate to statements page so that I can add it to the QA steps for QA.
Going to test it now, also testing for this will have to be internalQA. You can only navigate to the statements page via link from Concierge
@thienlnam looks like this was merged without passing tests. Please add a note explaining why this was done and remove the Emergency label if this is not an emergency.
We reverted this to fix staging. In the next iterations, keep in mind that you can run npm run desktop-build and npm run desktop-build-staging to build staging and production versions of the desktop app with local code. You can install those local builds just like the ones hosted on staging and production 👍
Hmm, I still seem to be running into this issue on Version 1.1.82-5 (1.1.82-5)
Refused to frame 'https://www.expensify.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://we.are.expensify.com www.expensify.com https://viewer.expensify.com chrome-extension://oiicpdkmeclmgmlmbajefnkalcfageek chrome-extension://eeibfofdhodcjojmbookcpigoaeilkek https://new.expensify.com".
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
thienlnam
changed the title
Details
Proposal: #9713 (comment)
On the desktop app, the app is loading with localhost URL on dev and
app://on production. CSP policy will fail if URLs do not match with what is specified in frame-ancestors.On electron, intercept the requests calls and manage the response headers for CSP before that calls are received on the frontend.
Fixed Issues
$ #9713
Tests
statements/202201/.PR Review Checklist
Contributor (PR Author) Checklist
### Fixed Issuessection aboveTestssectionQA stepssectiontoggleReportand notonIconClick)src/languages/*filesSTYLE.md) were followedAvatar, I verified the components usingAvatarare working as expected)/** comment above it */displayNamepropertythisproperly so there are no scoping issues (i.e. foronClick={this.submit}the methodthis.submitshould be bound tothisin the constructor)thisare necessary to be bound (i.e. avoidthis.submit = this.submit.bind(this);ifthis.submitis never passed to a component event handler likeonClick)StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)Avataris modified, I verified thatAvataris working as expected in all cases)PR Reviewer Checklist
### Fixed Issuessection aboveTestssectionQA stepssectiontoggleReportand notonIconClick).src/languages/*filesSTYLE.md) were followed/** comment above it */displayNamepropertythisproperly so there are no scoping issues (i.e. foronClick={this.submit}the methodthis.submitshould be bound tothisin the constructor)thisare necessary to be bound (i.e. avoidthis.submit = this.submit.bind(this);ifthis.submitis never passed to a component event handler likeonClick)StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)Avataris modified, I verified thatAvataris working as expected in all cases)QA Steps
(Needs to be production QA)
Screenshots
Web
Since URL is localhost. I am not sure how to test it there.
Mobile Web
The same goes for mWeb.
Desktop
iOS
Android