This message was deleted Graphite Community #bug-reports

Join Slack

This message was deleted.

# bug-reports

Slackbot

05/12/2023, 2:34 PM

This message was deleted.

Pranathi Peri

05/12/2023, 2:37 PM

Investigating!

David Balatero

05/12/2023, 3:33 PM

@amonshiz do you get any browser domain security type errors in the console?

David Balatero

05/12/2023, 3:33 PM

CORS, CSP, that sort of shape?

David Balatero

05/12/2023, 3:33 PM

or 4xx errors for loading the image

amonshiz

05/12/2023, 5:17 PM

Will check in a few.

amonshiz

05/12/2023, 7:19 PM

Copy code

<ps://github.com/thebrowsercompany/arc/assets/922840/df889609-a493-432d-9d44-b8157db78738> 404
Image (async)
Tk @ main.ae6bb1b3.js:2
Rk @ main.ae6bb1b3.js:2
Qk @ main.ae6bb1b3.js:2
Il @ main.ae6bb1b3.js:2
Al @ main.ae6bb1b3.js:2
rl @ main.ae6bb1b3.js:2
J @ main.ae6bb1b3.js:2
R @ main.ae6bb1b3.js:2

And the response summary:

Copy code

Request URL: <https://github.com/thebrowsercompany/arc/assets/922840/df889609-a493-432d-9d44-b8157db78738>
Request Method: GET
Status Code: 404 
Remote Address: 140.82.113.3:443
Referrer Policy: strict-origin-when-cross-origin

David Balatero

05/12/2023, 7:58 PM

@amonshiz hm, curl also 404s. i suspect we are not auth'd in to view the image:

Copy code

╰ curl -is <https://github.com/thebrowsercompany/arc/assets/922840/df889609-a493-432d-9d44-b8157db78738>
HTTP/2 404
server: <http://GitHub.com|GitHub.com>
date: Fri, 12 May 2023 19:57:39 GMT

David Balatero

05/12/2023, 7:58 PM

what is the actual repro step? 1. you attach an image via github's PR view 2. you try to view it in graphite 3. it fails?

David Balatero

05/12/2023, 7:59 PM

IIRC if you upload an image via graphite, we put it in our own S3/CDN bucket

amonshiz

05/12/2023, 9:14 PM

This was someone else’s comment. I bet they added that image from the GitHub UI.

David Balatero

05/19/2023, 7:07 PM

after digging in a bit more, the images uploaded via Github's UI cannot be displayed on Graphite due to browser security rules because graphite cannot send an auth cookie when requesting the image (due to not being on the

<http://github.com|github.com>

domain), the image 404s instead of redirecting you to the correct CDN asset i attempted to

<iframe>

the image, but Github (rightfully) blocks this behavior via the Content-Security-Policy on the image my current best idea is that we can detect the 404 error and render a "Sorry, you tried to view a private image, click here to open it in a new tab" component in place of the image. which isn't great, but better than a mysterious broken image

👍 2

Alex Poon

06/06/2023, 1:44 PM

Aren’t pull request bodies available from the github api? I would be surprised if they didn’t have a workaround for a situation like that

David Balatero

06/06/2023, 1:49 PM

i think @Greg found a workaround

Greg

06/06/2023, 1:51 PM

Following up here: we’ve started using image upload urls from the comment/description

bodyHTML

rather than

bodyMarkdown

field - the same as what GitHub does for their VSCode extension. The

bodyHTML

contains presigned upload urls which load on Graphite. We deployed this late Friday, and it’s now live on the site. Please let me know if you find edge cases where this isnt working

✅ 1

David Balatero

06/06/2023, 2:15 PM

there are issues with image flickering, which I will fix shortly

Open in Slack

Previous Next