CONSOLE-3883: Improve dynamic plugin docs #13637
Conversation
vojtechszocs
commented
Feb 26, 2024
•
vojtechszocs
commented
- Include PatternFly upgrade notes
- Include notes on hosting plugin assets
vojtechszocs
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@vojtechszocs: This pull request references CONSOLE-3883 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@vojtechszocs: This pull request references CONSOLE-3883 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
component/sdk
vojtechszocs
force-pushed
the
improve-plugin-docs
branch
from
9d8f345
to
216bff0
Compare
|
|
||
| ## Serving plugin assets | ||
|
|
||
| Dynamic plugins are deployed on a cluster via OLM operators. Each plugin deployment should include a web |
There was a problem hiding this comment.
It's not required to use an OLM operator, just a good way to deploy and manage your plugin.
There was a problem hiding this comment.
@spadgett Should I rephrase it differently?
There was a problem hiding this comment.
I'd probably just say plugins are deployed as workloads on the cluster.
|
|
||
| **Important!** Make sure to configure your plugin web server to use MIME type `text/javascript` for all | ||
| JS assets to avoid any issues with the `X-Content-Type-Options: nosniff` security header used by Console | ||
| when fetching plugin assets via Bridge URL `/api/plugins/<plugin-name>`. |
There was a problem hiding this comment.
nitpick: I'd leave off the URL path here since that's an implementation detail plugins shouldn't need to know about.
The warning is a great point and important to document. It might be worth mentioning that the plugin template will have the mime types set up properly.
There was a problem hiding this comment.
Agreed, will update.
There was a problem hiding this comment.
just confirming: is it alright if plugin's web server adds application/javascript by default instead of explicitly text/javascript ?? (so far it is working)...
There was a problem hiding this comment.
@SanjalKatiyar Thanks, this actually led me to realize what the core issue was.
Check out https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
Console loads dynamic plugin scripts by injecting <script> elements into the main DOM document.
Console Bridge server adds X-Content-Type-Options: nosniff HTTP response header to all plugin asset requests.
Web browsers that comply with X-Content-Type-Options: nosniff header will block <script> initiated requests when the MIME type of requested asset is not valid.
application/javascript is considered to be a legacy JavaScript MIME type but is still a valid one.
Looking further into this, I think it's OK to use a legacy MIME type like application/javascript.
Note that the proper MIME type for JavaScript according to current HTML spec is text/javascript.
The core of the issue is "always make sure to provide a valid mime type for JS assets" so that you won't end up facing errors in the browser like this one
Refused to execute script from 'http://localhost:9000/api/plugins/foo-plugin/some-script.js' because its MIME type ('') is not executable, and strict MIME type checking is enabled.
I will update the README accordingly.
|
|
||
| ### Caching | ||
|
|
||
| The following table lists important plugin assets that must NOT be cached by the plugin web server. |
There was a problem hiding this comment.
Can they be cached if appropriate cache-control headers are returned?
There was a problem hiding this comment.
Yes, AFAIK the Bridge plugin asset proxy endpoint does not do anything special in this regard. cc @jhadvig
There was a problem hiding this comment.
I know @TheRealJon has fixed some caching bugs on the console side. Can we confirm it's still a limitation?
I believe we should be able to handle caching as long as it's done properly by the plugin. If this is really a restriction, we should look at adding cache-busting parameters to the console request to avoid the problem.
There was a problem hiding this comment.
@spadgett Looking into this, all plugin entry scripts are loaded using ?cacheBuster query parameter to circumvent potential caching issues on the server side. This was fixed for OCP Console 4.14 and above.
Given that JSON files should be generally OK to cache (assuming we don't expect their content to change), I think I can remove the whole "Caching" section above then.
| | `plugin-manifest.json` | | | ||
| | `plugin-entry.js` | Applies only to Console plugin SDK versions 0.0.x | | ||
|
|
||
| We generally recommend disabling caching of any JSON resources hosted by the plugin web server. |
There was a problem hiding this comment.
I'm not sure I agree with this. In particular, I'd recommend using caching for i18n message files.
I think the important thing is that caching is set up correctly and we fix any caching bugs on the console side.
There was a problem hiding this comment.
OK, you have a point with the i18n resources not supposed to be changed.
I will remove this line.
|
|
||
| ## Console 4.15 | ||
|
|
||
| All plugins that target OpenShift Console 4.15 should upgrade to PatternFly 5.x to take advantage |
There was a problem hiding this comment.
I'd clarify that this is for plugins that only target 4.15 and newer, not for plugins that want to be compatible with older versions.
There was a problem hiding this comment.
Right, I will update it to be more explicit.
|
/lgtm |
| A dynamic plugin targets one or more versions of OpenShift Console. Each Console version supports | ||
| specific version(s) of [PatternFly](https://www.patternfly.org/) in terms of CSS styling. | ||
|
|
||
| Check the [OpenShift Console Versions vs PatternFly Versions][console-pf-versions] table for |
There was a problem hiding this comment.
@jhadvig This is a reference-style link to console-pf-versions declared at the end of the Markdown document.
[console-pf-versions]: ./README.md#openshift-console-versions-vs-patternfly-versions
jhadvig
added
qe-approved
|
@vojtechszocs: This pull request references CONSOLE-3883 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
frontend/packages/console-dynamic-plugin-sdk/upgrade-PatternFly.md
Outdated
Show resolved
Hide resolved
frontend/packages/console-dynamic-plugin-sdk/upgrade-PatternFly.md
Outdated
Show resolved
Hide resolved
|
/label docs-approved |
openshift-ci
bot
added
the
docs-approved
Co-authored-by: Olivia Payne <opayne@redhat.com>
|
New changes are detected. LGTM label has been removed. |
|
@opayne1 Thank you for your comments, I've applied the suggested changes. |
|
/lgtm |
openshift-ci
bot
added
the
tide/merge-method-squash
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jhadvig, nicolethoen, rhamilto, spadgett, vojtechszocs The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
@vojtechszocs: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
[ART PR BUILD NOTIFIER] This PR has been included in build openshift-enterprise-console-container-v4.16.0-202403081048.p0.g77d383d.assembly.stream.el8 for distgit openshift-enterprise-console. |
* Improve dynamic plugin docs * Add section on PF CSS styling * Address review comments * Apply suggestions from code review Co-authored-by: Olivia Payne <opayne@redhat.com> --------- Co-authored-by: Olivia Payne <opayne@redhat.com>
