fix(#562): silence post-login console errors + modernize HTTP client#689
Open
JoshuaVSherman wants to merge 3 commits into
Open
fix(#562): silence post-login console errors + modernize HTTP client#689JoshuaVSherman wants to merge 3 commits into
JoshuaVSherman wants to merge 3 commits into
Conversation
- Set Cross-Origin-Opener-Policy: same-origin-allow-popups on every server response so Google Identity Services' window.closed polling stops emitting COOP violations during the OAuth popup flow. - Drop the deprecated Facebook Like Box iframe (source of the unload / ErrorUtils warnings); keep the existing "Like Us On Facebook" link. - Convert server.js (CommonJS) to server.mjs (ESM); gate app.listen so the module can be imported by tests without binding a port. Update Procfile, CircleCI config, and the eslint ignore list to match. - Replace superagent and axios with native fetch across src and tests; drop both from package.json. Tests now stub global fetch via vi.stubGlobal. - Add test/server.spec.ts (first server coverage) using native fetch against app.listen(0) — no supertest dep needed. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Replace the removed Like Box (likebox.php — retired by Meta) with the modern Page Plugin (page.php?tabs=timeline) so the homepage feed renders again. Page Plugin is Meta's supported successor and shows the page's posts, cover, and like button. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Resolves the CircleCI language-server "Job is unused" warning. Behavior is unchanged — CI was already running build via the implicit fallback. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #562.
Summary
Cross-Origin-Opener-Policy: same-origin-allow-popupson every response, so Google Identity Services' popup-flow no longer trips repeatedwindow.closedwarnings post-login.NarrowFacebookFeedandWideFacebookFeednow embedhttps://www.facebook.com/plugins/page.php?...&tabs=timelineinstead of the deprecatedlikebox.php. Page renders the actual FB timeline again, on a supported plugin. (Note: the same FB JS bundle is loaded either way, so the third-partyunload/ErrorUtilsconsole warnings may persist — those originate inside Facebook's iframe and aren't fixable from our code.)server.js→server.mjs(ESM) —app.listenis gated behind a main-module check so vitest can import the app without binding a port. Procfile, CircleCI smoketest, and eslint ignore list updated to match.superagentandaxios, use nativefetch— convertedsrc/lib/fetch.ts,src/App/AppTemplate/GoogleButtons/utils.tsx,src/providers/Content.provider.tsx,src/containers/AdminDashboard/utils.tsx,src/containers/AdminDashboard/pictures.utils.tsx,src/containers/News/utilsN.tsx, plus all corresponding test specs (which now stubglobal.fetchviavi.stubGlobal).test/server.spec.tsuses nativefetchagainst anapp.listen(0)ephemeral port (nosupertestdep) to assert the COOP header is set on responses.workflows: { build-and-test: { jobs: [build] } }block to silence the language-server "Job is unused" warning. No behavior change (CI was using the legacy implicit-build path before).Automated verification (already green locally)
npm run test:lint— cleannpm run typecheck— cleannpm run test:unit— 46 files / 121 tests pass (118 → 121: +2 server tests, +1 fetch non-ok branch)node server.mjsManual testing checklist (please run before merge)
COOP / login (the #562 fix)
npm run build && PORT=7777 node server.mjslocally) and visit the homepage. ConfirmCross-Origin-Opener-Policy: same-origin-allow-popupsis in the response headers (DevTools → Network → click any document → Headers).Cross-Origin-Opener-Policy policy would block the window.closed callwarnings in the console during/after popup close. Login completes successfully.Facebook embed (Page Plugin replacement)
unload/ErrorUtilswarnings — those come from inside the FB iframe and are unrelated to the COOP fix. They are not part of Clean up console errors after login + modernize server & HTTP client #562's success criteria.Endpoints touched by the axios → fetch conversion (most behavior-sensitive area)
For each, confirm functional parity vs. production:
book/one?type=homePageContentetc. — no infinite spinners, content renders).book?type=musicPics/familyPics/youthPics/habitatPics/otherPics).handlePutError(try editing atypethat doesn't exist yet — should auto-create).BackendUrlto a bad host briefly) and verify warning toasts still appear instead of silent failures.Auth flow specifically
BackendUrl/user/auth/googlewithContent-Type: application/json(DevTools → Network → check the request).BackendUrl/user/{id}is fetched withAuthorization: Bearer <token>and the user object hydrates the auth context.Smoketest parity
rm -rf node_modules package-lock.json && npm install --omit=dev && PORT=7777 node server.mjsstarts the server andcurl http://localhost:7777/returns 200 with the COOP header (matches the CircleCI smoketest job).🤖 Generated with Claude Code