Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BRO-31] Errors on websites with strict Content Security Policy #459

Merged
merged 6 commits into from
Apr 4, 2024
Merged

[BRO-31] Errors on websites with strict Content Security Policy #459

merged 6 commits into from
Apr 4, 2024

Conversation

Ivan-Mahda
Copy link
Contributor

@Ivan-Mahda Ivan-Mahda commented Apr 2, 2024
edited

Purpose

The injected script attempts to compile and instantiate WebAssembly, which fails when a website uses a Content Security Policy which does not allow for running WebAssembly.
Main reason esbuild does not provide proper tree-shaking and as result unused WebAssembly functions included in to bundle
This can be avoided by importing only functions you need, without importing all module.

Changes

Created yarn patch for @concordium/web-sdk
Now it is possible to import from ./types/ directory, and avoid tree-shaking bug of esbuild

Checklist

  • My code follows the style of this project.
  • The code compiles without warnings.
  • I have performed a self-review of the changes.
  • I have documented my code, in particular the intent of the
    hard-to-understand areas.
  • (If necessary) I have updated the CHANGELOG.

By submitting the contribution I accept the terms and conditions of the
Contributor License Agreement v1.0

@Ivan-Mahda
[BRO-31] Errors on websites with strict Content Security Policy
cb0be1c 
Created yarn patch for @concordium/web-sdk
Now it is possible to import from ./types/ directory, and avoid tree-shaking bug of esbuild
@abizjak
Copy link
Member

abizjak commented Apr 3, 2024

@Ivan-Mahda I will take myself off the reviewers list. Soren and Emil are the experts anyhow.

@abizjak abizjak removed their request for review April 3, 2024 10:57
soerenbf
soerenbf approved these changes Apr 3, 2024
View reviewed changes
Copy link
Collaborator

@soerenbf soerenbf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great detective work @Ivan-Mahda!

It seems that this completely removes the WASM error.. I actually thought we needed to dive into the legacy grpc client and well and do some updates, but seems like that is not needed anyway 🤷

limemloh
limemloh reviewed Apr 3, 2024
View reviewed changes
Copy link
Contributor

@limemloh limemloh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The patch is nice for now, but I think we should fix it in the SDK straight away as well and then remove this patch again.

.yarn/patches/@concordium-web-sdk-npm-7.3.2-42c2804ca6.patch Outdated Show resolved Hide resolved
.yarn/patches/@concordium-web-sdk-npm-7.3.2-42c2804ca6.patch Outdated Show resolved Hide resolved
@soerenbf
Copy link
Collaborator

soerenbf commented Apr 3, 2024
edited

The patch is nice for now, but I think we should fix it in the SDK straight away as well and then remove this patch again.

I suggested we do this as a yarn patch initially, as I thought we might want to discuss if we want to make the types accessible in this manner in the SDK.

One point of view could be that it worsens the user experience, as fromJSON would trigger n (i.e. the number of wrapper types) suggestions from the typescript LSP along with the code produced being less readable (but maybe these rules are not for us to impose upon others?).

Of course another point of view could be that it enables people to use tools like ESBuild and potentially other tools with less ability to tree-shake than the state-of-the-art bundlers.

Personally, I feel inclined towards the former of the two.. But I don't have any strong opinion on this matter tbh.

What do you think @Ivan-Mahda and @limemloh ?

@limemloh
Copy link
Contributor

limemloh commented Apr 3, 2024
edited

The patch is nice for now, but I think we should fix it in the SDK straight away as well and then remove this patch again.

I suggested we do this as a yarn patch initially, as I thought we might want to discuss if we want to make the types accessible in this manner in the SDK.

One point of view could be that it worsens the user experience, as fromJSON would trigger n (i.e. the number of wrapper types) suggestions from the typescript LSP along with the code produced being less readable (but maybe these rules are not for us to impose upon others?).

Of course another point of view could be that it enables people to use tools like ESBuild and potentially other tools with less ability to tree-shake than the state-of-the-art bundlers.

Personally, I feel inclined towards the former of the two.. But I don't have any strong opinion on this matter tbh.

What do you think @Ivan-Mahda and @limemloh ?

Just wanted to check the experience if we did this, and you are right, it does add a lot of noise:
image
I agree then, let's get this merged and find the best solution for the SDK after

@Ivan-Mahda Ivan-Mahda merged commit b1adbad into main Apr 4, 2024
7 checks passed
@Ivan-Mahda Ivan-Mahda deleted the BRO-31-errors-on-websites-with-strict-content-security-policy branch April 4, 2024 10:20
@limemloh limemloh mentioned this pull request Apr 5, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@limemloh limemloh limemloh left review comments

@soerenbf soerenbf soerenbf approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Ivan-Mahda @abizjak @soerenbf @limemloh