Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Increase Panda grace period to 24 hours #4405

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Increase Panda grace period to 24 hours #4405

wants to merge 2 commits into from

Conversation

joelochlann
Copy link
Member

@joelochlann joelochlann commented Jan 24, 2025
edited
Loading

What does this change?

The alt text helper in Composer depends on Grid API calls authenticated via Panda. This means after an hour, the alt text helper breaks when the cookie expires. (See this issue from 2015! https://github.com/guardian/workflow/issues/425)

For other API calls within Composer, we are mitigating this problem by extending the Panda grace period (e.g. https://github.com/guardian/flexible-content/pull/4903).

We'd ultimately like all Panda-authed tools to have a 24 hour grace period to allow users to continue using the tool uninterrupted for a working day.

(Detailed background in this Google doc)

How should a reviewer test this change?

It's complicated!

Within the Grid itself

Chrome

The Pandular iframe-based session refresh still works in Chrome, so you will effectively have a never-ending session and you can't easily test this behaviour.

Safari

Safari no longer allows us to send the third-party cookie to Google within the iframe so pandular so does not work. So, before this change, you should see the following after an hour:

Screenshot 2025-01-25 at 00 22 58

After this change, it should carry on working for another 23 hours.

Alternatively, you can test the API call from Composer as described below. Composer has no iframe refresh mechanism (see https://github.com/guardian/flexible-content/issues/1522, opened in 2015 and never closed).

Integration with Composer alt text helper

  • Change grid.api.uri in ~/.gu/flexible-composerbackend.properties to https://api.media.local.dev-gutools.co.uk
  • Run up Composer (main) and the Grid (this branch) locally
  • Verify successful Grid API request by using alt text helper
  • Check cookie expiry (should by one hour) by copying the gutoolsAuth-assym to the clipboard from Chrome Dev Tools and then doing
pbpaste | grep -o '^[^.]*' | base64 --decode | grep -o 'expires=[^&]*' | grep -o '\d*' | sed 's/...$//' | xargs -n1 date -r
  • Wait for cookie expiry, and try alt text helper again

Tested? Documented?

  • Joe note to self: try Grid in Safari and see if it blocks the Pandular iframe session refresh mechanism
  • locally by committer
  • locally by Guardian reviewer
  • on the Guardian's TEST environment
  • relevant documentation added or amended (if needed)

@joelochlann joelochlann requested review from a team as code owners January 24, 2025 16:37
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 24, 2025
edited
Loading

Deploy build 13054 to TEST

All deployment options

From guardian/actions-riff-raff.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@joelochlann