Route Ask AI widget tickets through Help WebView log-attach flow#5330
Open
joashrajin wants to merge 1 commit into
Open
Route Ask AI widget tickets through Help WebView log-attach flow#5330joashrajin wants to merge 1 commit into
joashrajin wants to merge 1 commit into
Conversation
The Ask AI widget on the in-app help WebView is moving to a new dedicated support recipient so widget-originated tickets bypass the AI auto-reply loop. Without this change, the WebView client at HelpPage.kt does not recognize the new recipient and the mailto falls through to the system email composer with no debug.txt attached. Linear: PCDROID-557 - Replace HelpPage.kt's prefix-match allowlist with an exact-equality Set<String> of recognized recipients - Tighten mailto matching from prefix-startsWith (which would also match crafted lookalike domains) to exact equality - Thread the parsed recipient through HelpWebViewClient -> HelpViewModel.getSupportIntent -> Support.shareLogs so the intent's EXTRA_EMAIL reflects the URL the user tapped - Other shareLogs callers (LogsViewModel, StatusViewModel, the feedback intent, the wear-logs intent) continue to default to the existing support recipient via parameter defaults
joashrajin
requested review from
Copilot and
geekygecko
and removed request for
a team and
Copilot
Collaborator
Generated by 🚫 Danger |
5 tasks
joashrajin
added
[Type] Enhancement
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The Ask AI widget on the in-app help WebView is moving to a new dedicated support recipient so widget-originated tickets bypass the AI auto-reply loop.
Full context, motivation, and test plan: PCDROID-557.
Today, when a user taps the widget's "contact us here" link inside the in-app Help WebView, HelpWebViewClient intercepts the
mailto:and routes it throughSupport.shareLogs(), which builds anIntent.ACTION_SENDwithdebug.txtattached. The recipient list and outgoing address are hardcoded — so once the widget renders the new recipient, the WebView would stop recognising the link, fall through toonTapUri(), and the user would email the new inbox without debug logs attached.This PR makes the recipient address configurable end-to-end while preserving existing behaviour for every other caller of
shareLogs().Changes
HelpPage.kt— replaced the prefix-match allowlist with an exact-recipientSet<String>(supportRecipients) that now includes the new AI-assistant recipient. Parses the recipient from the matched mailto URL and passes it through. Falls back toonTapUri()for any mailto whose recipient isn't in the set. TheWebViewError"Contact support" button (shown when the help page fails to load) explicitly uses the existing support recipient.HelpViewModel.getSupportIntent()— accepts an optionalrecipient: String(default: existing support recipient) and forwards it.Support.shareLogs()— adds an optionalrecipient: Stringparameter (default: existing support recipient) and uses it forIntent.EXTRA_EMAILinstead of the hardcoded address. Other callers (LogsViewModel,StatusViewModel, thegetFeedbackIntentpath, andemailWearLogsToSupportIntent) are unaffected via the default.Security note
The previous
contactSupportAction.any { url.startsWith(it) }check matched by prefix, so amailto:whose recipient was crafted as<allowlisted>@example.com.attacker.comwould also match. This was harmless before because the to-address was hardcoded — but parsing the recipient from the URL would have made it exploitable. This PR tightens to exact-equality matching against thesupportRecipientsset.Test plan
Full test plan in PCDROID-557. Highlights:
debug.txtattached.debug.txt(regression).WebViewError"Contact support" button (airplane mode → help page fails) still uses the existing recipient (regression).mailto:whose recipient isn't insupportRecipientsfalls through to the system email composer with no log attachment, no crash.Coordination
Draft until the widget HTML swap is timed.
iOS counterpart: Automattic/pocket-casts-ios#4227.