Add referrerPolicy fetch.ts

[hieutomra]

Set referrerPolicy to 'same-origin' rather default strict-origin-when-cross-origin

What changes are proposed in this pull request?

Allow Fiftyone app running behind generic reverse proxy

How is this patch tested? If it is not, please explain why.

Tested on our Fiftyone instance running behind Azure reverse proxy

Release Notes

Fix #4539

Is this a user-facing change that should be mentioned in the release notes?

• No. You can skip the rest of this section.
• Yes. Give a description of this change to be included in the release
  notes for FiftyOne users.

What areas of FiftyOne does this PR affect?

• App: FiftyOne application changes
• Build: Build and test infrastructure changes
• Core: Core fiftyone Python library changes
• Documentation: FiftyOne documentation changes
• Other

Summary by CodeRabbit

• New Features

  • Enhanced fetch functionality with a new referrerPolicy option for improved privacy control.

• Bug Fixes

  • Improved error handling for fetch operations, providing more detailed error information for failed requests.

[coderabbitai]

Walkthrough

The changes made in the fetch.ts file enhance the fetch functionality by adding a referrerPolicy option set to 'same-origin' for fetch calls. Additionally, the error handling logic has been improved to capture and report detailed error information for responses with status codes of 400 or higher. These modifications aim to ensure better compliance with referrer policies and provide more informative error reporting without altering the overall structure of the code.

Changes

File	Change Summary
app/packages/utilities/src/fetch.ts	Added referrerPolicy: 'same-origin' to fetch calls; improved error handling for 400+ responses.

Assessment against linked issues

Objective	Addressed	Explanation
Add Referer header to POST requests (#4539)	✅

🐰 In the land of code, where fetches roam,
A referrerPolicy found a new home.
Errors now whisper, their tales to tell,
With details so rich, they work quite well!
So let’s hop along, with headers so bright,
Our app now dances, in the Azure light! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)

app/packages/utilities/src/fetch.ts (2)

275-275: LGTM: Consistent referrer policy for event source.

The addition of referrerPolicy: 'same-origin' to the fetchEventSource call is consistent with the earlier change and ensures that all types of requests follow the same referrer policy. This change further contributes to addressing the issue mentioned in #4539.

Consider extracting the 'same-origin' value to a constant at the top of the file for better maintainability:

+const REFERRER_POLICY = 'same-origin';

// Then use it in both places:
-referrerPolicy: 'same-origin',
+referrerPolicy: REFERRER_POLICY,

This would make it easier to update the policy in the future if needed.

---

Line range hint 1-437: Summary: Referrer policy changes effectively address the PR objectives.

The changes made to this file are focused and consistent, addressing the issue of missing Referer headers in POST requests (issue #4539). By setting referrerPolicy: 'same-origin' for both regular fetch calls and event source requests, the implementation ensures a uniform approach to handling the referrer policy.

These modifications should resolve the problem of requests being blocked by Azure App Service when the FiftyOne app is hosted behind a reverse proxy. However, it's important to thoroughly test the application in various hosting scenarios to ensure no unintended side effects arise from this more restrictive referrer policy.

Consider adding a configuration option to allow users to customize the referrer policy if needed for different hosting environments. This would provide flexibility while maintaining the desired default behavior.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 7a7dfdd and 7089841.

📒 Files selected for processing (1)

• app/packages/utilities/src/fetch.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

app/packages/utilities/src/fetch.ts (1)

Pattern **/*.{ts,tsx}: Review the Typescript and React code for conformity with best practices in React, Recoil, Graphql, and Typescript. Highlight any deviations.

[coderabbitai]

💡 Codebase verification

Duplicate referrerPolicy Found in fetch.ts.

The shell script output indicates that referrerPolicy: 'same-origin' is present twice in app/packages/utilities/src/fetch.ts. Please review to ensure that this duplication is intentional and remove any redundant instances to maintain code clarity and prevent potential conflicts.

🔗 Analysis chain

LGTM: Referrer policy change addresses the issue.

The addition of referrerPolicy: 'same-origin' aligns with the PR objectives and addresses the issue mentioned in #4539 where POST requests were missing the Referer header. This change should help when the app is hosted behind a generic reverse proxy.

To ensure this change doesn't introduce any unintended side effects, please verify that:

1. The app functions correctly when hosted behind different types of reverse proxies.
2. Cross-origin requests, if any, are not negatively impacted.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any other occurrences of referrerPolicy in the codebase
rg "referrerPolicy" --type ts

Length of output: 175

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.18%. Comparing base (bac2d2a) to head (7089841).
Report is 269 commits behind head on develop.

Additional details and impacted files

@@            Coverage Diff            @@
##           develop    #4944    +/-   ##
=========================================
  Coverage    99.17%   99.18%            
=========================================
  Files           49       49            
  Lines        17785    17991   +206     
=========================================
+ Hits         17639    17845   +206     
  Misses         146      146            

Flag	Coverage Δ
python	99.18% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.