[HOLD for payment 2025-01-18] [$500] CORS error is displayed when opening attachment #51888
Comments
isagoico
added
Daily
|
Triggered auto assignment to @greg-schroeder ( |
|
This has been labelled "Needs Reproduction". Follow the steps here: https://stackoverflowteams.com/c/expensify/questions/16989 |
|
I couldn't reproduce this |
greg-schroeder
added
the
retest-weekly
|
We have had similar reports of this before. I won't be able to help here unless it's still open when I'm back on the 11th, but I think the issue is has something to do with the The CORS headers that it says are missing should be inserted here in nginx: https://github.com/Expensify/Salt/blob/main/shared_pkgs/nginx/files/conf.d/www.conf.template#L289-L302 but that line above does not match if the request is something like https://www.expensify.com/?exitTo=/chat-attachments/... I think that is the problem. cc @luacmartins since we were discussing a similar issue in another GH |
|
@Beamanator I think I worked with you on getting this CORS stuff working awhile back when we started using |
|
Edited by proposal-police: This proposal was edited at 2024-11-03 18:47:58 UTC. ProposalPlease re-state the problem that we are trying to solve in this issue.CORS error is displayed when opening attachment What is the root cause of that problem?There are in fact 2 causes to this issue cause 1 Some attachments are seen as of external source
they are requested without authentication token from the following lines App/src/components/Image/index.tsx Lines 50 to 57 in f2e295f The BE then send a redirect as exitTo url but which is requested without the proper "Access-Control-Allow-Origin" header. it doesnt reproduce all the time because sometimes the image is in the cache and is not requested from the BE video_cause1.mp4cause 2 The second cause is that the images are, at the very beginning of the screen loading (deeplinking to report), requested with an expired authentication token even though in most cases a reauthentication have been made. That should not happen but in fact the images loading were disconnected from direct session changes because of a bug in the past #26034 App/src/components/Image/index.tsx Lines 60 to 62 in f2e295f Then even though a reauthentication happens like in the images below (after reconnectApp gets a 407 from the BE) some of the images are firstly requested with an expired authentication token These 2 causes are well sumed up in the video below requetes_302_200_302.mp4What changes do you think we should make in order to solve the problem?For cause 1 into
For cause 2 in type Session.tsx https://github.com/Expensify/App/blob/f2e295fd174c87f7a516800c22028b637746b22c/src/types/onyx/Session.ts we added we change the following lines App/src/components/Image/index.tsx Lines 44 to 62 in f2e295f into
we force useMemo to recalculate and rerender when the session is outdated and we cover cases like the first outdated session without age and the first still valid session without age. Based on the experience working on this issue, we think that any update of the session by Onyx in less than 60s after the previous update may be related to a reauthentication and thus we must recalculate the image source and rerender the image we also change https://github.com/Expensify/App/blob/f2e295fd174c87f7a516800c22028b637746b22c/src/libs/actions/Session/updateSessionAuthTokens.ts into this
and App/src/libs/E2E/actions/e2eLogin.ts Lines 54 to 66 in f2e295f into
in Session/index.tsx https://github.com/Expensify/App/blob/f2e295fd174c87f7a516800c22028b637746b22c/src/libs/actions/Session/index.ts we added RESULTIt works like a charm, the attachments are properly displayed in both cases . video before video after video testing the 2 Hours expired token What alternative solutions did you explore? (Optional)None |
|
it doesnt reproduce all the time because sometimes the image is in the cache and is not requested from the BE |
|
@justinpersaud you are correct, see details here #51699 (comment) @greg-schroeder let's close this as a dupe of #51699 ? |
|
This def does look like a dupe 👍 Also @CyberAndrii 's reproduction steps look pretty good in the other issue, would be nice if @Kalydosos could try to reproduce w/out their fix & with their fix to see if that solves the issue every time 🙏 |
@Beamanator #51699 is about the reproduction steps but this ticket is about the solution to the problem. So this is not a duplicate. I will provide simpler repro steps in #51699
They provide no fix afaik in #51699, they just propose some potential repro steps. Let me know if i'm wrong. I have read the recents edits #51699 (comment) and recents comments #51699 (comment) of @CyberAndrii. I will provide simpler reproduction step. And in fact his statement is not correct as the issue has nothing to do with "expired authentication token", the token are just not sent. We cannot send expired token because the token that is send is from the session and the user session is refresh way before retrieving the images. (EDIT : @CyberAndrii is right in fact on this point, cf #51888 (comment))
this part is not correct neither as the token is not just sent and it is a deliberate choice, see ligne 50 of App/src/components/Image/index.tsx Lines 44 to 58 in bef062b and what proves even more my point and made my proposed fix correct is the deliberate intent of not sending the token made clear in the following comments from the code itself. It is just the some attachments were not taken in consideration as of "local" source cf #51888 (comment) App/src/components/HTMLEngineProvider/HTMLRenderers/ImageRenderer.tsx Lines 39 to 55 in f2e295f |
Yes that's my bad on phrasing - I was talking to the air, but i should have asked you specifically if you could reproduce consistently & if your fix solves all cases 🙏 I def agree there were no solutions proposed in the linked issue |
|
@Beamanator yes i could reproduce the issue consistently and yes my fix solve all cases. I will provide a repro steps here and in the linked issue asap |
|
Thanks very much for confirming 🙏 |
|
Okay so I should set this to |
|
@Beamanator i've been having some issue with my test account since yesterday, i will make a proposal for the repro steps in #51699 once i get that fixed, this proposal here anyway still the fix for the problem
|
|
@Kalydosos this happens sometimes. Create a new account with the |
|
Issue not reproducible during KI retests. (First week) |
|
@Beamanator @greg-schroeder i have updated my proposal, it was a tough issue with multiple causes. I have given a sumup in the proposal details. Reproduction and evolution on the resolution was not easy as eachstep required waiting some hours but i can say that the different aspects of the issue are taken in consideration by my proposal. Some information (the maximum session idle time allowed by the BE) and a choice of Design for a loading spinner must be made if my proposal is accepted. |
|
@CyberAndrii my bad, you were right on the point that expired token was also send as a cause of the issue. It shouldn't have happen but an old bug allow the code to do so #26034 |
|
@mvtglobally the repro steps will be more like #51699 (comment) |
greg-schroeder
added
the
External
|
Same as above |
|
the issue in #44445 , added in steps3 of proposed repro steps #51699 (comment) is more related to a cache policy/navigator behavior. ND or the navigator tries to load the image from the cache (but the image is not in ND cache for cache partionning reasons) and the navigator does not send the request (therefore the connection only stalling).
One of the images ☝️ displays correctly because i disable the cache at the moment of its download and then i enabled the cache again and the other image couldnt be downloaded. In the same time i can perfectly have both images correctly displayed when i access from another navigator here are some illustrations of the issue BUT the issue is not reproducing anymore in the current stage of changes (i tested using our current PR) but we see requests for the images that are canceled from time to time and because they dont reach the server they raise no errors and thus no gray icons. So we need to found a proper fix for this issue (even though it doesnt impact the UX anymore) as our fix adressed more the session tokens problems. I will then suggest (so thinks @hungvu193) that this issue which seems related to a core feature as caching policy could be adressed in a ticket dedicated to it |
|
This issue has not been updated in over 15 days. @Kalydosos, @rlinoz, @hungvu193, @greg-schroeder eroding to Monthly issue. P.S. Is everyone reading this sure this is really a near-term priority? Be brave: if you disagree, go ahead and close it out. If someone disagrees, they'll reopen it, and if they don't: one less thing to do! |
|
Approved the PR. |
|
Thanks @hungvu193 Work continues on linked PR as Rodrigo requested changes |
|
Merged. Awaiting staging deploy |
melvin-bot
bot
added
Weekly
melvin-bot
bot
changed the title
|
|
|
The solution for this issue has been 🚀 deployed to production 🚀 in version 9.0.83-5 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue: If no regressions arise, payment will be issued on 2025-01-18. 🎊 For reference, here are some details about the assignees on this issue:
|
|
@hungvu193 @greg-schroeder @hungvu193 The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed. Please copy/paste the BugZero Checklist from here into a new comment on this GH and complete it. If you have the K2 extension, you can simply click: [this button] |
|
@hungvu193 Nearing the payment date here - can you finish up the checklist? |
|
Sent you an offer for this job @Kalydosos - can you please accept it so I can prepare to pay you on the payment date? Thanks! |
BugZero Checklist:
Bug classificationSource of bug:
Where bug was reported:
Who reported the bug:
Regression Test ProposalTest:Test 1:
Test 2:
Do we agree 👍 or 👎 |
|
Created issue to add regression tests |
|
@greg-schroeder offer accepted. Thanks a lot 👍 |
|
Payment summary: Contributor: @Kalydosos - $500 - Via upwork |
github-project-automation
bot
moved this from CRITICAL
to Done
in [#whatsnext] #quality
|
$500 approved for @hungvu193 |
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Version Number: v9.0.56-5
Reproducible in staging?: Yes
Reproducible in production?: Unknown (we assume yes)
Email or phone of affected tester (no customers): dbarret@expensify.com
Logs: https://stackoverflow.com/c/expensify/questions/4856
Issue reported by: @quinthar
Slack conversation #quality
Action Performed:
Expected Result:
There's no error displayed in the network tab when opening a image.
Actual Result:
There's a CORS error when opening an image sent by the current user. (check screenshot)
Issue is not constantly reproducible.
Workaround:
N/A
Platforms:
Which of our officially supported platforms is this issue occurring on?
Screenshots/Videos
View all open jobs on GitHub
Upwork Automation - Do Not Edit
Issue Owner
Current Issue Owner: @greg-schroederThe text was updated successfully, but these errors were encountered: