WEB-PRIVACY-001B: redact public product-load failures#257
Open
daliu wants to merge 1 commit into
Open
Conversation
✅ Deploy Preview for luminous-fox-7c393f ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
9 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #256
Outcome
The public
/shop/:slugroute now treats a rejected product read as untrusted. It discards the rejection and shows exactlyWe could not load this product right now. Please try again later.in an assertive atomic alert.Loading ends on failure. The lookup effect clears stale page state and ignores results from older slugs, so an out-of-order request cannot replace or declassify the current route result. Genuine missing products, successful product displays, and checkout behavior remain unchanged.
Safety invariant
Verification
Old-source red proof:
messagegetter executed and left the page loadingFinal local proof on Node 20:
git diff --check: passed909de1e935297db09ca0d3e13fc26b7587e81e6ffaeadbaa46e049d1e42597c3Scope
Only:
src/pages/shop/ProductDetail.tsxsrc/App.test.jsxdocs/officers/EVENTS_SHOP_MEMBERS.mdOpen commerce #249/#246 paths are disjoint and untouched. The checkout handler is byte-identical to the claimed base.
Officer impact: Visitors and officers receive one plain retry-later instruction without database, provider, account, endpoint, or technical detail. Older in-flight product reads cannot replace the current page result.
Officer documentation:
docs/officers/EVENTS_SHOP_MEMBERS.md, sectionPublic product-detail load failure privacy — SOURCE ONLY, NOT LIVE.Deployment evidence: None yet. This pull request changes source, tests, and documentation only. No release workflow, production website,
runmprc.com, Firebase, database permissions, provider configuration, production data, migration, checkout, or live-behavior action occurred.Residual risk
This source slice does not publish the website, deploy or verify Firebase, change product permissions, configure a provider, or prove live behavior. Those require a separately approved protected release and exact revision checks.