-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Code copy button should check for secure context and indicate to the user if it's not available #1202
Comments
I'm not sure if it's actually worth it: Do you have an environment what's not fitting in here? (Edit: And for your configuration option: |
Thank you for submitting an issue @rmoff! I appreciate your detail in linking various resources. I see two possible paths forward:
I personally am leaning towards the second option; I think many theme users may not be familiar with what "secure context" even is. I imagine this is a one or two-liner.
My understanding here is that this suggestion is to do this at page load; at build-time, we wouldn't know what users will be using the site (and thus, what context they're viewing from). I think this is reasonable, but perhaps less-preferred than the tooltip option - the end user may be able to debug it themselves if they know what's going on. |
Apologies - I noticed I sounded way too blunt in my first reply. I'm afraid a fix implemented at page-load might cause irritation, for example if the button works on one machine (because local context) but doesn't on another one (eg through a local network). An additional "disabled" style for the button would probably work, though it might still never get seen by the page maintainer (uh, grammar 😲 - thx chatgpt!). I personally would prefer a defined state in this case. My first comment was intended to point at the effort required for such change. If I remember correctly, we had one case of insecure context so far, and that happend to the dev implementing this button. This would be the second case, hence my question about more details about this specific environment. Apologies again, and have a great evening! 😴 |
No problem at all @max06, I didn't think you were too blunt - it was a good perspective to add! I think better understanding @rmoff's use-case may also help, like you've stated. I'm assuming that you're serving Just the Docs over HTTP, and that's causing the error - are there any other instances that you've run into? This doesn't affect me personally, but I wonder if local development over (given that many major browsers are pushing users away from HTTP, I'll have to think a little bit about how to best integrate this change gracefully) |
And, just for completeness' sake - happy to review a PR for this. I'd imagine the minimum required change would be: // just-the-docs.js
{%- if site.enable_copy_code_button != false %}
jtd.onReady(function(){
if (!window.isSecureContext) return; // optionally, log something first
// ... In this case, the button is not rendered at all. But, this may not be the best user experience. As I've done some more looking, other approaches that may work:
If anything, I'm leaning slightly towards the second option? I would prefer to not use solutions that rely on deprecated APIs (ex |
Hi both, thanks for the discussion and apologies for the delay replying. @max06 you didn't sound blunt, no worries :)
Yes, my local machine. Running Jeckyll
Thus I click on
In practice I think there's several things to do in order of effort which would all be useful:
2b can be iterated on and is arguably overkill for something which is only going to be affecting local devs and not end-users of JtD (assuming best practice of serving over HTTPS is followed). (1) I can do a PR for now and (2a) is beyond my skillset but would be useful to do if everyone agrees it :) |
I think 1 + 2a sounds great! If you'd like to submit a PR for 1, glad to review it; if not, I can add it to my backlog. I can take on 2a (unless someone else is interested - in that case, go for it!) |
Sounds good, I'll do that. |
Implements point (2a) of #1202 ## Secure context - behaviour unchanged ![image](https://user-images.githubusercontent.com/3671582/232823898-1b683b51-20ca-4e79-91cc-d543ae76aacd.png) ## Unsecure context - copy icon not shown and console message logged ![image](https://user-images.githubusercontent.com/3671582/232823972-94e2ef83-e526-4ca3-b16f-5f0f4243b50c.png)
IIUC the
writeText
function is only available when the page is viewed in a secure context (src, src).This means that it fails in other situations, e.g. over HTTP. The following is logged in the console:
It would be useful for the code to detect if it is a secure context and if so show the copy icon greyed out with a tooltip to indicate why (or make it configurable with the other option being to not render it if not available).
The text was updated successfully, but these errors were encountered: