Currently we throw an error when a Safe app with a fully valid manifest is about to be added.
Reason is that we seem to be missing a !
name, description, iconPath and url set in the manifesturl is removed the Safe app can be addedurl)url)url)url)url, it might be nessesary to check all default Safe apps.To discuss: First "soft breaking" this by allowing both, and later on "hard breaking" change.
@rmeissner seems like url attribute should not be mandatory at all. In fact, I think we should remove it completely.
In the docs we are not mention this attribute: https://docs.gnosis.io/safe/docs/sdks_safe_apps/#1-your-safe-app-must-include-a-manifestjson-file[鈥fsqmtgnb1j9fdr9gimptzvaeina25s92iqy37gyqyfwzw8aj.
I can not recall the intention of this attribute, but if it was to refer to the team behind the safe app, the attribute for it should be providedBy.
Am I missing something?
Yes that would be the intented attribute. I am also not sure how much sense it makes to include this mendatory (as any developer can set whatever they want there). As you said, maybe we should just remove the url check and adjust the docs to say, that you can provide an optional providedBy that will be displayed in the interface in the future. (cc @lukasschor )
Not sure if I understood correctly. But providedBy should be required (as outlined in the docs). So shouldn't it be instead of
!!appInfo.url && --> !!appInfo.providedBy &&?
this would break all existing apps (as they don't have this ... probably). Also I am not sure if I would make this required for custom apps (so not the default apps), as we cannot validate what devs are setting there.
agree with Richard!
Got it. We should still keep in mandatory as part of the listing process though. Wasn't aware this has not been properly checked so far. While developers can of course just write whatever they want there, it should be the responsibility of the curator of the default list (now Gnosis and in the future maybe a TCR) to validate this information.
One thing I just discovered: Actually if we allow the url param and safe apps use it in the manifest, this would currently break the safe app, as this url would be used in the iframe:
I think that res.url in line 216 refers to this: https://github.com/gnosis/safe-react/blob/a2bbbf4177f92f31c9a5c3ddafb836b97a87d41f/src/routes/safe/components/Apps/utils.ts#L197, and no the URL from the manifest.
I got confused with that as well.
I tested it and it causes issues.
The appInfo.data contains a url and res contains a url but their are different (one is the url of the app the other of the webpage of the developer)
as you first unwrap res and then appInfo it will overwrite the app url with the web page url
what do you suggest? ~leave it but not as required?~
~we should deprecate it anyways, and encourage users to use providedBy instead~
Edit: I understood it wrong. should we omit the url then?
in any case you should prevent this conflict ... the user might set for any other reason a url in the manifest ... that should not mess with this logic. You could not just unwrap the appInfo object ... or you could delete the url the object. Not sure what a better pattern is 馃 .
I would probably explicitly read the fields from the manifest that we are interested in as they tend to have quite some other fields too (as they are used by react to store information too)
@rmeissner can you try it now?
I can try it later today
Most helpful comment
Got it. We should still keep in mandatory as part of the listing process though. Wasn't aware this has not been properly checked so far. While developers can of course just write whatever they want there, it should be the responsibility of the curator of the default list (now Gnosis and in the future maybe a TCR) to validate this information.