[$500] CORS error is displayed when opening attachment #51888
Comments
isagoico
added
Daily
|
Triggered auto assignment to @greg-schroeder ( |
|
This has been labelled "Needs Reproduction". Follow the steps here: https://stackoverflowteams.com/c/expensify/questions/16989 |
|
I couldn't reproduce this |
greg-schroeder
added
the
retest-weekly
|
We have had similar reports of this before. I won't be able to help here unless it's still open when I'm back on the 11th, but I think the issue is has something to do with the The CORS headers that it says are missing should be inserted here in nginx: https://github.com/Expensify/Salt/blob/main/shared_pkgs/nginx/files/conf.d/www.conf.template#L289-L302 but that line above does not match if the request is something like https://www.expensify.com/?exitTo=/chat-attachments/... I think that is the problem. cc @luacmartins since we were discussing a similar issue in another GH |
|
@Beamanator I think I worked with you on getting this CORS stuff working awhile back when we started using |
|
Edited by proposal-police: This proposal was edited at 2024-11-03 18:47:58 UTC. ProposalPlease re-state the problem that we are trying to solve in this issue.CORS error is displayed when opening attachment What is the root cause of that problem?There are in fact 2 causes to this issue cause 1 Some attachments are seen as of external source
they are requested without authentication token from the following lines App/src/components/Image/index.tsx Lines 50 to 57 in f2e295f The BE then send a redirect as exitTo url but which is requested without the proper "Access-Control-Allow-Origin" header. it doesnt reproduce all the time because sometimes the image is in the cache and is not requested from the BE video_cause1.mp4cause 2 The second cause is that the images are, at the very beginning of the screen loading (deeplinking to report), requested with an expired authentication token even though in most cases a reauthentication have been made. That should not happen but in fact the images loading were disconnected from direct session changes because of a bug in the past #26034 App/src/components/Image/index.tsx Lines 60 to 62 in f2e295f Then even though a reauthentication happens like in the images below (after reconnectApp gets a 407 from the BE) some of the images are firstly requested with an expired authentication token These 2 causes are well sumed up in the video below requetes_302_200_302.mp4What changes do you think we should make in order to solve the problem?For cause 1 into
For cause 2 in type Session.tsx https://github.com/Expensify/App/blob/f2e295fd174c87f7a516800c22028b637746b22c/src/types/onyx/Session.ts we added we change the following lines App/src/components/Image/index.tsx Lines 44 to 62 in f2e295f into
we force useMemo to recalculate and rerender when the session is outdated and we cover cases like the first outdated session without age and the first still valid session without age. Based on the experience working on this issue, we think that any update of the session by Onyx in less than 60s after the previous update may be related to a reauthentication and thus we must recalculate the image source and rerender the image we also change https://github.com/Expensify/App/blob/f2e295fd174c87f7a516800c22028b637746b22c/src/libs/actions/Session/updateSessionAuthTokens.ts into this
and App/src/libs/E2E/actions/e2eLogin.ts Lines 54 to 66 in f2e295f into
in Session/index.tsx https://github.com/Expensify/App/blob/f2e295fd174c87f7a516800c22028b637746b22c/src/libs/actions/Session/index.ts we added RESULTIt works like a charm, the attachments are properly displayed in both cases . video before video after video testing the 2 Hours expired token What alternative solutions did you explore? (Optional)None |
|
it doesnt reproduce all the time because sometimes the image is in the cache and is not requested from the BE |
|
@justinpersaud you are correct, see details here #51699 (comment) @greg-schroeder let's close this as a dupe of #51699 ? |
|
This def does look like a dupe 👍 Also @CyberAndrii 's reproduction steps look pretty good in the other issue, would be nice if @Kalydosos could try to reproduce w/out their fix & with their fix to see if that solves the issue every time 🙏 |
@Beamanator #51699 is about the reproduction steps but this ticket is about the solution to the problem. So this is not a duplicate. I will provide simpler repro steps in #51699
They provide no fix afaik in #51699, they just propose some potential repro steps. Let me know if i'm wrong. I have read the recents edits #51699 (comment) and recents comments #51699 (comment) of @CyberAndrii. I will provide simpler reproduction step. And in fact his statement is not correct as the issue has nothing to do with "expired authentication token", the token are just not sent. We cannot send expired token because the token that is send is from the session and the user session is refresh way before retrieving the images. (EDIT : @CyberAndrii is right in fact on this point, cf #51888 (comment))
this part is not correct neither as the token is not just sent and it is a deliberate choice, see ligne 50 of App/src/components/Image/index.tsx Lines 44 to 58 in bef062b and what proves even more my point and made my proposed fix correct is the deliberate intent of not sending the token made clear in the following comments from the code itself. It is just the some attachments were not taken in consideration as of "local" source cf #51888 (comment) App/src/components/HTMLEngineProvider/HTMLRenderers/ImageRenderer.tsx Lines 39 to 55 in f2e295f |
Yes that's my bad on phrasing - I was talking to the air, but i should have asked you specifically if you could reproduce consistently & if your fix solves all cases 🙏 I def agree there were no solutions proposed in the linked issue |
|
@Beamanator yes i could reproduce the issue consistently and yes my fix solve all cases. I will provide a repro steps here and in the linked issue asap |
|
Thanks very much for confirming 🙏 |
|
Okay so I should set this to |
|
@Beamanator i've been having some issue with my test account since yesterday, i will make a proposal for the repro steps in #51699 once i get that fixed, this proposal here anyway still the fix for the problem
|
|
@Kalydosos this happens sometimes. Create a new account with the |
|
Issue not reproducible during KI retests. (First week) |
|
@Beamanator @greg-schroeder i have updated my proposal, it was a tough issue with multiple causes. I have given a sumup in the proposal details. Reproduction and evolution on the resolution was not easy as eachstep required waiting some hours but i can say that the different aspects of the issue are taken in consideration by my proposal. Some information (the maximum session idle time allowed by the BE) and a choice of Design for a loading spinner must be made if my proposal is accepted. |
|
@CyberAndrii my bad, you were right on the point that expired token was also send as a cause of the issue. It shouldn't have happen but an old bug allow the code to do so #26034 |
|
@mvtglobally the repro steps will be more like #51699 (comment) |
greg-schroeder
added
the
External
|
Triggered auto assignment to @rlinoz, see https://stackoverflow.com/c/expensify/questions/7972 for more details. |
|
@hungvu193 ok to discuss the BE change if it can be done. We will also need Design |
|
Thanks for all the hard work on this issue! What is the BE change that we might need to fix the second issue? Is it sending back when the token expires? |
Yeah, we need an |
|
@rlinoz thanks for helping out ! If possible, we will need the BE, when it send a new session to the FE (like in response to Authenticate), to add the session creation date timestamp. That prop of the session can be named "creation" or "creationTime" per example and its value must take in consideration the timezone of the FE device. What do you think of it ? cc @hungvu193 |
|
Let's discuss here https://expensify.slack.com/archives/C01GTK53T8Q/p1732798975726319 |
|
Issue not reproducible during KI retests. (Fourth week) |
|
@rlinoz @hungvu193 @greg-schroeder this issue is now 4 weeks old, please consider:
Thanks! |
|
Still discussing |
melvin-bot
bot
removed
the
Help Wanted
|
❌ There was an error making the offer to @Kalydosos for the Contributor role. The BZ member will need to manually hire the contributor. |
|
assigning @Kalydosos per thread https://expensify.slack.com/archives/C01GTK53T8Q/p1732798975726319 |
|
thanks for helping out @rlinoz @hungvu193 we will also need Design team's help |
About the loading image right? Let's use a temporary image and create the PR. We can discuss about it during PR phrase |
|
@hungvu193 sounds good 👍 |
|
@Kalydosos any ETA for the PR? |
|
The PR will be available in a few hours |
|
Draft PR created |
|
@Kalydosos, @rlinoz, @hungvu193, @greg-schroeder Whoops! This issue is 2 days overdue. Let's get this updated quick! |
|
Draft PR is up. We're still working on it |
|
Thanks @hungvu193 |
|
Issue not reproducible during KI retests. (Fifth week) |
melvin-bot
bot
added
Reviewing
|
Work on linked PR continues |
If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!
Version Number: v9.0.56-5
Reproducible in staging?: Yes
Reproducible in production?: Unknown (we assume yes)
Email or phone of affected tester (no customers): [email protected]
Logs: https://stackoverflow.com/c/expensify/questions/4856
Issue reported by: @quinthar
Slack conversation #quality
Action Performed:
Expected Result:
There's no error displayed in the network tab when opening a image.
Actual Result:
There's a CORS error when opening an image sent by the current user. (check screenshot)
Issue is not constantly reproducible.
Workaround:
N/A
Platforms:
Which of our officially supported platforms is this issue occurring on?
Screenshots/Videos
View all open jobs on GitHub
Upwork Automation - Do Not Edit
Issue Owner
Current Issue Owner: @hungvu193The text was updated successfully, but these errors were encountered: