-
-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue 1242 url preview #1247
base: main
Are you sure you want to change the base?
Issue 1242 url preview #1247
Conversation
Deployed commit |
64685b3
to
aeb4a24
Compare
Deployed commit |
aeb4a24
to
715b5eb
Compare
Deployed commit |
715b5eb
to
99283f7
Compare
Deployed commit |
9a72269
to
3aabb0a
Compare
Deployed commit |
3aabb0a
to
725aeb9
Compare
Deployed commit |
725aeb9
to
b81bea2
Compare
Deployed commit |
app/server/lib/sendAppPage.ts
Outdated
@@ -174,8 +174,8 @@ export function makeSendAppPage({ server, staticDir, tag, testLogin, baseDomain | |||
).join('\n'); | |||
const content = fileContent | |||
.replace("<!-- INSERT WARNING -->", warning) | |||
.replace("<!-- INSERT TITLE -->", getPageTitle(req, config)) | |||
.replace("<!-- INSERT META -->", getPageMetadataHtmlSnippet(config)) | |||
.replace("<!-- INSERT TITLE -->", getPageTitle(config) ?? (translate(req, 'Loading') + "...")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I moved this line of code. I am a bit worried, because this seems to me a bad practice to concatenate a translated string with a punctuation.
I would rather move the ellipsis in the translation. Does it make sense to you?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes at least for right to left languages.
Deployed commit |
Deployed commit |
Deployed commit |
Deployed commit |
Deployed commit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
static/img/icon-grist.png
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May be use https://github.com/gristlabs/grist-core/blob/main/static/icons/grist.svg instead.
Hey, great work :) Maybe I'm saying this too late but… how about using a more "marketing" approach for og title/images? :) 1. About the image: Most social platforms recommend using a 1200x630px image as og:image, that is generally not just a logo, but something that looks more friendly when sharing the webpage. If you test this with the LinkedIn inspector for example, you see they target a different aspect ratio, as X does, as Facebook does, etc.: Here is quickly made-up example of what we could do instead (not large enough in terms of pixels but with the correct aspect ratio): 2. About the title: I'd argue "Welcome - Grist" is also not that friendly as the main title for sharing purposes and would say having the tagline in it might be better. When showing the website preview card, some platforms show the description, some do not. So I'd say having Sidenote: when testing this with this tool: https://www.bannerbear.com/tools/twitter-card-preview-tool, |
@manuhabitela Thanks for your feedback. As discussed, I take a look of what I can, but I feel like it should not block the review as it is better than what already exist. Still this should be a nice follow-up.
I don't know how this tool works. The only thing I notice is that the preview is not rendered on Twitter, at the contrary of say https://duckduckgo.com I am trying something to fix this. |
You're totally right, my mistake for reporting that late :) |
Deployed commit |
Deployed commit |
Deployed commit |
c353d89
to
7fe7d10
Compare
Deployed commit |
7fe7d10
to
6123999
Compare
Deployed commit |
6123999
to
85aa365
Compare
Deployed commit |
app/server/lib/sendAppPage.ts
Outdated
@@ -24,9 +25,14 @@ import * as fse from 'fs-extra'; | |||
import * as handlebars from 'handlebars'; | |||
import jsesc from 'jsesc'; | |||
import * as path from 'path'; | |||
import difference = require('lodash/difference'); | |||
import { difference, trimEnd } from 'lodash'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some years ago we did a round of optimization on app startup. Turns out, lodash is big! And loading it unqualified takes enough time to matter. Since then, we pivoted from being a desktop app to being a web app, and startup time mattered less. But this will be why you don't see many imports of plain 'lodash'
in Grist (though they have crept in) since if a reviewer is around who remembers this, they'll push back on it. But I count 7 other plain 'lodash'
imports now, so I'm ok giving up and accepting this. Just explaining why lodash/difference was there.
app/server/lib/requestUtils.ts
Outdated
@@ -40,7 +40,7 @@ export function adaptServerUrl(url: URL, req: RequestWithOrg): void { | |||
const reqBaseDomain = parseSubdomain(req.hostname).base; | |||
|
|||
if (process.env.GRIST_SERVE_SAME_ORIGIN === 'true' || req.isCustomHost) { | |||
url.hostname = req.hostname; | |||
url.host = req.headers.host || req.hostname; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is kind of a scary change but it seems logical to use the host rather than hostname. And I remember express being weird about req.host
which it feels like would be the logical thing to use if it were sane? I'm just not confident I know what impact this would have under proxy forwarding, if there could be a subtle difference in support for X-Forwarded-For.
app/server/lib/sendAppPage.ts
Outdated
const translate = (req: express.Request, key: string, args?: any) => req.t(`sendAppPage.${key}`, args); | ||
const { escapeExpression } = handlebars.Utils; | ||
|
||
const translateEscaped = (req: express.Request, key: string, args?: any) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any reason not to write it as just
function translateEscaped(req, key, args) {
...
}
It would be helpful to add a docstring with the motivation for this method and the problem that it solves.
Tiny thing: often in Grist codebase the pair of variables req and res are used together as express.Request and express.Response. Maybe use a different name than res here?
app/server/lib/sendAppPage.ts
Outdated
const staticBaseUrl = `${staticOrigin}/v/${staticTag}/`; | ||
// APP_STATIC_URL or APP_HOME_URL. | ||
const staticOrigin = staticTag === 'boot' ? '' : (process.env.APP_STATIC_URL || config.homeUrl || ''); | ||
const staticBaseUrl = `${trimEnd(staticOrigin, '/')}/v/${staticTag}/`; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another scary change. The motivation was as I now specify the absolute URL for serving static resources (needed for specifying the opengraph icon)
? Do you actually still need this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I removed the changes that looked scary to you, with the last changes it was indeed not worth the risk, you're right.
Deployed commit |
…ristlabs#1242 When pasting a URL in some app or website that allows previewing the link, for other resources than documents, you were offered an irrelevant description. This patches aims to give a generic description of what is Grist. Co-authored-by: Emmanuel Pelletier <[email protected]>
332f060
to
0e1727d
Compare
Deployed commit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for whittling out some parts that were hard to process. Have one more question, it may be fine.
* @param key The key of the translation (which will be prefixed by `sendAppPage`) | ||
* @param args The args to pass to the translation string (optional) | ||
*/ | ||
function translateEscaped(req: express.Request, key: string, args?: any) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This helper is giving me pause. I guess anything it is used to translate won't be picked up by https://github.com/gristlabs/grist-core/blob/main/buildtools/generate_translation_keys.js - not necessarily a problem, since you can add manually - but makes the eventual garbage collection problem harder of figuring out what keys are no longer used as code changes so they can be dropped.
The escaping, the threat model here is that the translations may be tainted, we can't trust them? This does make sense given how our weblate project is run, it is pretty open. Just going to page @berhalak here for some advice on whether there might be a more systematic way to handle this threat.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can leave this helper for now. I will remove it later and prepare some cleaning mechanism at the build time. Same issue is for client, when someone uses it insecurely (like el.innerHTML = t(....)).
I'm surprised I didn't think of it myself :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@berhalak Right, yeah. Thanks for your feedback, do you want me to create a separate issue for that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @fflorent, Yes please. I'll try to do it asap.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -107,6 +107,7 @@ export const commonUrls = { | |||
formulaSheet: 'https://support.getgrist.com/formula-cheat-sheet', | |||
formulas: 'https://support.getgrist.com/formulas', | |||
forms: 'https://www.getgrist.com/forms/?utm_source=grist-forms&utm_medium=grist-forms&utm_campaign=forms-footer', | |||
openGraphPreviewImage: 'https://grist-static.com/icons/opengraph-preview-image.png', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a little concerned about GDPR for European self-hosters opening their instances publicly.
They should have a mechanism to a least offer user deactivation of such url sending data to a third party.
I'm realizing that there is a lot of urls in DINUM and ANCT instances sending IPs data to a third party in GDRP terms.
May be it could be a good Idea to open an issue about that.
Context
When previewing the URL of an instance (say https://docs.getgrist.com/ ) in websites or apps, it simply displays "Loading..." without any further description or images. It's quite confusing.
See #1242 for detailed steps to reproduce.
Proposed solution
statics/img/opengraph-preview-image.png
(introduced in this PR)Grist, the evolution of spreadsheet
, and to[doc name] - Grist
if a document is consulted.Also a technical note: I had to change the way requestUtils deduce the host of the home, so it takes into account the port. Otherwise this test failed with my change, as I now specify the absolute URL for serving static resources (needed for specifying the opengraph icon).
Related issues
Fixes #1242
Has this been tested?
Screenshots / Screencasts
Here is how the preview of the instance link looks like on Signal:
And how it looks like when previewing a document (:warning: Important: it must be shared publicly to obtain this result):
You also may check this website which seems to show the rendering of URL previews on different websites:
https://opengraph.dev/
Home page: https://opengraph.dev/panel?url=https%3A%2F%2Fgrist-fflorent-grist-core-issue-1242-url-preview.fly.dev%2F
Doc page title: https://opengraph.dev/panel?url=https%3A%2F%2Fgrist-fflorent-grist-core-issue-1242-url-preview.fly.dev%2FinSPY9A8z7X3%2FMy-document-title