feat(extension): browser extension core for Chrome and Firefox#418
feat(extension): browser extension core for Chrome and Firefox#418oxr463 wants to merge 4 commits into
Conversation
- Add chrome-extension:// and moz-extension:// to CORS allowed origin patterns so the extension can make credentialed requests - Fix UserContext.getUserId() to handle JwtAuthenticationToken (set by oauth2ResourceServer for Bearer token requests) in addition to the existing UserAuthenticationToken (set by the cookie filter); the hard cast was causing a ClassCastException and 500 on all extension API calls
- Mock next/font/google in vitestSetup to fix Libre_Baskerville not-a-function error in app.test.tsx - Always render brand logo in Navbar (remove isMobile conditional that hid it on desktop); drop unused isMobile state and resize effect - Update default avatar test to assert SVG icon presence instead of stale img/src expectation
| if (auth instanceof UserAuthenticationToken uat) { | ||
| return uat.getUserId(); | ||
| } | ||
| if (auth instanceof JwtAuthenticationToken jat) { |
There was a problem hiding this comment.
I am confused why we need this? The idea with code above is there is not a JWT since you already went through the JWT step of spring security?
There was a problem hiding this comment.
This I need to explore tomorrow. I think its okay.
There was a problem hiding this comment.
But I really would rather have the one user authentication context but that would thinking about the JWT filter which I think we have but I would have to check.
| useEffect(() => { | ||
| setIsMobile(window.innerWidth <= 767.98); | ||
|
|
||
| const checkWindowWidth = () => { |
There was a problem hiding this comment.
I have a feeling removing this is going to break mobile views. Will need to investigate. The reason why is we have some custom view port.
There was a problem hiding this comment.
Nope, this was fine. thanks for removing dead code.
R-Sandor
left a comment
R-Sandor
left a comment
There was a problem hiding this comment.
While the sign-in seems to work for firefox, there is an issue with the auth. The bear token filter doesn't succeed when attempting to add a bookmark.
On Firefox Linux the application also doesn't persist the token (maybe?) as each time the extension is opened it requires reauthentication.
Ideally the extension should be able to maintain login in for the life of the JWT.
Please test on your end.
R-Sandor
force-pushed
the
feature/browser-extensions
branch
from
34e0791 to
ffb1aef
Compare
2 participants
Issue number: resolves #417
Checklist
What is the current behavior?
There is no browser extension. Users must navigate to the FindFirst web app, manually enter a URL and title, and select tags to save a bookmark — interrupting their browsing flow.
The repository contained only a non-functional Firefox Manifest V2 stub and an empty Chrome directory.
What is the new behavior?
Authorization: Bearerto work aroundSameSite=Laxblocking on cross-origin requests from extension originssrc/) builds separate Chrome MV3 (dist/chrome/) and Firefox MV3 (dist/firefox/) artifacts via esbuildDoes this introduce a breaking change?
Other information
CORS requirement: The FindFirst API server must return
Access-Control-Allow-OriginandAccess-Control-Allow-Credentials: truefor requests fromchrome-extension://andmoz-extension://origins before the extension can communicate with the backendend-to-end. This may require a server-side change in FindFirst-core.
Docker Compose: The extension is a static build artifact loaded directly into the browser — it does not run as a container. The checklist item is not applicable.