XHR fetch when view first becomes visible #14837
Conversation
src/service/xhr-impl.js
Outdated
| @@ -170,30 +167,30 @@ export class Xhr { | |||
| * XHRs are intercepted if all of the following are true: | |||
| * - The AMP doc is in single doc mode | |||
| * - The viewer has the `xhrInterceptor` capability | |||
| * - The Viewer is a trusted viewer or AMP is currently in developement mode | |||
| * - The Viewer is a trusted viewer or ApMP is currently in developement mode | |||
There was a problem hiding this comment.
Nit: AMP, looks like a typo!
test/functional/test-xhr.js
Outdated
| @@ -14,7 +14,7 @@ | |||
| * limitations under the License. | |||
| */ | |||
|
|
|||
| import * as sinon from 'sinon'; | |||
| import * as sinon from 'sinon';; | |||
There was a problem hiding this comment.
Nit: Double semi-colon?
test/functional/test-xhr.js
Outdated
| }); | ||
| ampdocServiceForStub.returns({ | ||
| isSingleDoc: () => false, | ||
| getAmpDoc: () => { return ampdocViewerStub; }, |
There was a problem hiding this comment.
Not a huge deal since this is a test file however I believe you could reduce this down a bit.
ampdocServiceForStub.returns({
isSingleDoc: () => false,
getAmpDoc: () => ampdocViewerStub,
});
| @@ -73,7 +75,17 @@ describe.configure().skipSafari().run('XHR', function() { | |||
| beforeEach(() => { | |||
| sandbox = sinon.sandbox.create(); | |||
| ampdocServiceForStub = sandbox.stub(Services, 'ampdocServiceFor'); | |||
| ampdocServiceForStub.returns({isSingleDoc: () => false}); | |||
| ampdocViewerStub = sandbox.stub(Services, 'viewerForDoc'); | |||
| ampdocViewerStub.returns({ | |||
There was a problem hiding this comment.
Also here:
ampdocViewerStub.returns({
whenFirstVisible: () => Promise.resolve(),
});
|
@jridgewell sending out for early review. i just modified the tests so that existing tests now pass but I need to create a new test as well. |
src/service/xhr-impl.js
Outdated
| /** @private {?./ampdoc-impl.AmpDoc} */ | ||
| this.ampdocSingle_ = | ||
| ampdocService.isSingleDoc() ? ampdocService.getAmpDoc() : null; | ||
| this.ampdocService = Services.ampdocServiceFor(win); |
There was a problem hiding this comment.
The isSingleDoc is still necessary (context).
Also, leave this as a private field, they get minified better.
There was a problem hiding this comment.
hey justin, i know we discussed this a bit yesterday but it might have been under a different context. Do we really need this private field. in my changes you can see that i check if amp is single doc in the fetch call and pass along that info to the methods that need that info. I dont think this private field is needed at all.
There was a problem hiding this comment.
Leaving this as a private is still valuable.
src/service/xhr-impl.js
Outdated
| !Services.viewerForDoc(this.ampdocSingle_).hasBeenVisible()) { | ||
| dev().error('XHR', 'attempted to fetch %s before viewer was visible', | ||
| parseUrl(input).origin != this.win.location.origin) { | ||
| dev().error('XHR', 'attempted to fetch URL from different origin', | ||
| input); | ||
| } |
There was a problem hiding this comment.
This entire if statement can be removed, since we're now waiting for viewer visible regardless.
src/service/xhr-impl.js
Outdated
| }); | ||
| return Services.viewerForDoc(ampdocSingle).whenFirstVisible() | ||
| .then(() => { | ||
| return this.maybeIntercept_(input, init, ampdocSingle); |
There was a problem hiding this comment.
@zhangsu: What are the privacy guarantees of the Gmail interceptor? Does it need us to wait for the doc to be shown?
(Basically, should this be the first call, or should whenFirstVisible be first)
There was a problem hiding this comment.
Thanks for checking with us. Waiting for the email to be shown before firing XHRs sounds good to me since we also want the same level of privacy.
Just curious: what's an example today where XHRs can be fired before the viewer is visible (e.g. in prerender mode)? amp-list shouldn't do that because prerenderAllowed is false, right?
There was a problem hiding this comment.
👍, that makes it safer on our side as well.
what's an example today where XHRs can be fired before the viewer is visible (e.g. in prerender mode)?
Generally, these are bugs. There are exceptions for connecting to the CDN itself (or whatever origin is hosting the page), since they've already received the document request.
amp-list shouldn't do that because prerenderAllowed is false, right?
Correct. The prerenderAllowed is one way to catch them, but we're increasingly getting extensions that need to make requests before layout (ads 🙄, and one other). These make requests in #buildCallback or other earlier lifecycle callbacks, and they sometimes forget to wait for visible.
|
@jridgewell Hey Justin, pls take another look. I made changes to make the check for viewer visibility to encapsulate the logic where other viewer related checks are made as well and ensured that the fetch happens at all times which wasn't the case in my initial change. |
src/service/xhr-impl.js
Outdated
| /** @private {?./ampdoc-impl.AmpDoc} */ | ||
| this.ampdocSingle_ = | ||
| ampdocService.isSingleDoc() ? ampdocService.getAmpDoc() : null; | ||
| this.ampdocService = Services.ampdocServiceFor(win); |
There was a problem hiding this comment.
Leaving this as a private is still valuable.
src/service/xhr-impl.js
Outdated
| // getAmpDoc. | ||
| // TODO(alabiaga): This should be investigated and fixed. | ||
| const ampdoc = this.ampdocService.isSingleDoc() ? | ||
| this.ampdocService.getAmpDoc(this.win.document) : null; |
There was a problem hiding this comment.
The this.win.document is unnecessary for single docs.
There was a problem hiding this comment.
Done. The reason I added it was because I was trying to do away with the isSingleDoc() check..and just make the call getAmpDoc..which was then causing test-bind-impl.js to fail and I was trying to get it to work by passing in the node, though it was not sufficient as the AmpDoc.shellShadowDoc_ was not defined. I wrote a TODO on that line of code as it seems like buggy code to me..or the test is not set up properly. So i believe this is where your initial comment of why this is still required now makes sense...i had to actually debug through the code for it to actually make sense.
src/service/xhr-impl.js
Outdated
| } | ||
| return (this.win.fetch || fetchPolyfill).apply(null, arguments); | ||
| }); | ||
| return this.maybeIntercept_(input, init, ampdoc) |
There was a problem hiding this comment.
No need to pass in ampdoc since it's a property on this. Just access it in the method, and remove its uses in this method.
There was a problem hiding this comment.
fixed to use the assigned property ampdocSingle_ as it was originally.
src/service/xhr-impl.js
Outdated
| maybeIntercept_(input, init) { | ||
| if (!this.ampdocSingle_) { | ||
| maybeIntercept_(input, init, ampdoc) { | ||
| if (!this.ampdocService.isSingleDoc()) { |
There was a problem hiding this comment.
Look at that, we're already accessing it as the property. 😉
There was a problem hiding this comment.
fine you win. reverted to a field property 😄
src/service/xhr-impl.js
Outdated
| return Promise.resolve(); | ||
| } | ||
|
|
||
| const htmlElement = this.ampdocSingle_.getRootNode().documentElement; | ||
| const htmlElement = ampdoc.getRootNode().documentElement; | ||
| const docOptedIn = htmlElement.hasAttribute('allow-xhr-interception'); | ||
| if (!docOptedIn) { | ||
| return Promise.resolve(); |
There was a problem hiding this comment.
Bug: We still need to wait for viewer visible in this case.
src/service/xhr-impl.js
Outdated
| if (!viewer.hasCapability('xhrInterceptor')) { | ||
| return Promise.resolve(); | ||
| } | ||
| return viewer.isTrustedViewer().then(viewerTrusted => { |
There was a problem hiding this comment.
Nit: we can unnest this if we take extract out the "hasCapability" into a separate path.
There was a problem hiding this comment.
unnested hasCapability and docOptedIn checked
…fetching the amp doc. for test test-bind-impl
src/service/xhr-impl.js
Outdated
| @@ -109,7 +109,15 @@ export class Xhr { | |||
| /** @const {!Window} */ | |||
| this.win = win; | |||
|
|
|||
| /** @private */ | |||
There was a problem hiding this comment.
This isn't a property, so can't be @private.
src/service/xhr-impl.js
Outdated
| } | ||
| return viewer.isTrustedViewer(); | ||
| }).then(viewerTrusted => { | ||
| if (!viewerTrusted && !getMode(this.win).development) { |
There was a problem hiding this comment.
Sorry, this lead to confusion when I recommended unnesting. What I meant is that these should be two separate promise chains:
// Shorthand, don't actually write like this
maybeIntercept_(input, init) {
if (!single) return Promise.resolve();
const vis = viewer.whenFirstVisible();
if (!hasCapability) return vis;
return vis.then(() => {
if (!optedIn) {
return false;
}
return viewer.isTrusted()
}).then(trusted => {
if (!trusted) return;
return sendMessage(...);
});
}There was a problem hiding this comment.
@jridgewell no worries. hopefully i got it right this time. otherwise we can discuss in person. thanks
src/service/xhr-impl.js
Outdated
| const docOptedIn = htmlElement.hasAttribute('allow-xhr-interception'); | ||
| const isDevMode = getMode(this.win).development; | ||
| if (!docOptedIn) { | ||
| return Promise.resolve(); |
There was a problem hiding this comment.
Return whenFirstVisible.
There was a problem hiding this comment.
right. Done. Thanks
* fetch when viewer is visible * fetch by default when viewer first becomes visible * fix typo * fixes from kris' comments * more fixes from kris' comments * add test * address jridgewell comments * fix usage of spy * fix xhr, to resolve earlier if not a single doc * fix per justin comment. * minor refactor * get ampdoc fetch with isSingleDoc check to fix dev error thrown when fetching the amp doc. for test test-bind-impl * address jridgewell comments * address jridgewell comments * address comments * return promise fix
jridgewell
moved this from To do
to XSS Injections Caught
in Make Malte, Dima, Justin Happy
jridgewell
moved this from XSS Injections Caught
to Reviewed
in Make Malte, Dima, Justin Happy
Fixes #14685