#donbowman_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1423747848779989132

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

It's a sandboxed iframe so you can't do much in a ui extension

I wouldn't expect downloads or top-level window control to work

https://docs.stripe.com/stripe-apps/how-ui-extensions-work#global-document-and-window-objects-are-limited

Let me ask a colleague if there's any options here

thank you!

its so close, i have the pdf right there in the javascript

sandbox="allow-downloads"

this is the tag that i need placed on i think

according to https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/iframe#browser_compatibility

but the permissions in the manifest don't seem to expose

Can you share the exact errors you get when both

1. attempting download
2. attempting opening a tab

Have you tried whitelisting the URL in the CSP?

what is 'whitelisting the url in the csp'? The url is stripe dashboard, its not external

i can open a tab, but, i can't use data: as a type, and, the csp doesnt allow enabling it

i can't use data: as a type, and, the csp doesnt allow enabling it
Yeah this piece is what I mean

found violations for connect-src "data:": protocol has to be https, path cannot be empty, publicsuffix: cannot derive eTLD+1 for domain ""

I'm still waiting for my colleague who's more familiar with Stripe apps to get back

is the issue when trying toallow data: in the manifest

Ah ok

with respcet to the error:
"Download is disallowed. The frame initiating or instantiating the download is sandboxed, but the flag ‘allow-downloads’ is not set. See https://www.chromestatus.com/feature/5706745674465280 for more details."

is the error

so i can't open a new tab w/ the data present since data: is blocked, I can't use Link react since data: is blocked, and I can't mark it as download since the sandbox doens't have allow-downloads set, and i don't see a way to enable.
I prefer to do it inline in stripe to avoid having an external service

Hello
Taking over here.
I don't believe we currently support modifying permissions on the iframe that renders the extension
So the options are limited.

One option I can think of is to host the PDF somewhere after you create it and then redirecting to that in a new tab (since you confirmed that you're able to open a new tab)

(we're still waiting on the colleague who is more familiar with Stripe Apps to respond but just throwing out ideas)

its generated in stripe tho

You mean it's a Stripe invoice PDF?

i am creating it in stripe

w/ no external service

Can you share a screenshot or example so that I'm on the same page?

sure. its a really simple thing right now bt

in my view i have:
<Box>
{invoices && invoices.map((invoice) => (
<Box key={invoice.id} css={{ padding: 'small' }}>
<Inline>
<Inline>{invoice.number || invoice.id}</Inline>
<Inline css={{ alignX: 'end' }}>
<Button onPress={async () => await savePDF(invoice)}>Download PDF</Button>
</Inline>
</Inline>
</Box>
))}
</Box>

(current shot at this, doesn't work, it generates and then fails to save)

export async function getPDF(invoice: Stripe.Invoice): Promise<Blob> {
const doc = new jsPDF();
await addLogo(doc);
addCompanyInfo(doc);
addInvoiceHeader(doc, invoice);
addBillToInfo(doc, invoice);
const lineItemsEndY = addLineItems(doc, invoice);
addFooter(doc, invoice, lineItemsEndY);

return doc.output("blob");
}

and the generate is like this

Sorry, what does that download?

I was referring to the "invoice" you're generating

ah you're using https://www.npmjs.com/package/jspdf

i have a standrad stripe invoice, but, i want to generate it w/ some modificiations:

• draft banner across back
• i want to set the supply-date automatically
• i want to not show balance or use balance (since its draft)

yes jspdf is the underlying lib

so this 'helper':

• creates an invoice object in stripe
• populates it w/ my product line items, volumes
• sets the supply - date
• saves as draft
  it then generates a pdf w/ the changes as above

so i believ(?) there is no soluton without having the stripe-app.json have some method to add the allow-downloads annotation to the iframe sandbox, it would be something sort of like the csp.

ALternatively, if it would allow entering data: as a type in the existing csp

but it blocks data: as a type in 'stripe apps start'

Yeah, not the quickest fixes unfortunately. We can file for a feature request but in the meantim, the only option would be to create and host the invoices outside Stripe and use the URL to wire up the download button

or i can write a chrome extension and modify the underlying web page in stripe dashboard i guess.

to add the allow-downloads

I'm not sure if that's possible given iframe restrictions but you can give it a try

chrome extensions walk roughshod over100% of security, changing pages arbitrarily. its a blunt force item 🙂

its not my desire

Yeah I more or so meant I've not tried it myself 😅

if you have an internal system to file a feature request or whatever, that would be nice. thanks for the assistance, i am not sure what i'll try next.

If you want to file it as a feature request, you can do so via
https://support.stripe.com/?contact=true

If not, I'm happy to flag it - yes

i don't believe there is a means to give feature requests there, at least i've not seen one, its just the ai chat bot