Merged
4 changes: 3 additions & 1 deletion samples/frontend/src/lib/session.ts
@@ -1,9 +1,11 @@
import { randomUUID } from './uuid'

const KEY = 'grid-sample-session-id'

export function getSessionId(): string {
let id = sessionStorage.getItem(KEY)
if (!id) {
id = crypto.randomUUID()
id = randomUUID()
sessionStorage.setItem(KEY, id)
}
return id
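Review bot: At `id = randomUUID()` the stored session id can now come from the `Math.random()` fallback in `./uuid` whenever `crypto.randomUUID` is not exposed, and nothing in this hunk validates the value read back by `sessionStorage.getItem(KEY)`. If 'grid-sample-session-id' is ever sent to the server as more than a correlation hint, a predictable id is a larger problem here than for the Idempotency-Key; state the intended use in a comment above `getSessionId()`, or have the fallback draw from `crypto.getRandomValues()` so both call-sites get CSPRNG output.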
12 changes: 12 additions & 0 deletions samples/frontend/src/lib/uuid.ts
@@ -0,0 +1,12 @@
// crypto.randomUUID() requires a secure context (https or localhost). It throws
// on http://0.0.0.0:8080 in some browsers, which is the host Ktor binds to.
export function randomUUID(): string {
if (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function') {
return crypto.randomUUID()
}
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
const r = (Math.random() * 16) | 0
const v = c === 'x' ? r : (r & 0x3) | 0x8
return v.toString(16)
})
Comment on lines +7 to +11
Contributor
P2 Math.random() is not cryptographically secure and produces low-entropy output. This only matters here in the Idempotency-Key usage in ExecuteSignedQuote.tsx: a collision, however unlikely, could cause the server to treat a fresh quote execution as a duplicate of a prior one. For a sample/dev-only path this is acceptable, but worth a comment at the call-site so future readers understand the trade-off.

}
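Review bot: The fallback at `'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(...)` uses `Math.random()`, although `crypto.getRandomValues()` is not gated on a secure context and so works on the plain-http `0.0.0.0:8080` origin the header comment describes; fill a `new Uint8Array(16)` from it, set `b[6] = (b[6] & 0x0f) | 0x40` and `b[8] = (b[8] & 0x3f) | 0x80`, hex-format the bytes, and keep `Math.random()` out of the path entirely. The header comment is also slightly off: in an insecure context `crypto.randomUUID` is not exposed at all, so what throws is the call of a missing member, which is exactly the case the `typeof crypto.randomUUID === 'function'` guard covers; say that rather than "throws".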
@@ -1,6 +1,7 @@
import { useState } from 'react'
import ResponsePanel from '../../components/ResponsePanel'
import { apiPost } from '../../lib/api'
import { randomUUID } from '../../lib/uuid'

interface Props {
quoteId: string | null
@@ -30,7 +31,7 @@ export default function ExecuteSignedQuote({
const path = `/api/quotes/${encodeURIComponent(quoteId)}/execute`
const data = await apiPost<Record<string, unknown>>(path, undefined, {
'Grid-Wallet-Signature': signature,
'Idempotency-Key': crypto.randomUUID(),
'Idempotency-Key': randomUUID(),
})
setResponse(JSON.stringify(data, null, 2))
onComplete(data)
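Review bot: `'Idempotency-Key': randomUUID()` mints a new key on every call of this function, so a retry of the same execute (after a timeout or a dropped response) arrives with a different key and is not deduplicated, which is the one case the header exists for. Generate the key once when the quote and `signature` are prepared, keep it in component state, and resend the same value on retry; that is also the natural place for the call-site comment the review asks for, noting that `randomUUID()` may fall back to `Math.random()` outside a secure context.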
25 changes: 24 additions & 1 deletion samples/frontend/vite.config.ts
@@ -1,12 +1,35 @@
import { defineConfig } from 'vite'
import { createLogger, defineConfig } from 'vite'
import react from '@vitejs/plugin-react'
import tailwindcss from '@tailwindcss/vite'

// @hpke/common has a Node <= v18 fallback that does `await import("crypto")`.
// It never executes in browsers (guarded by globalThis.crypto), but Vite logs an
// externalization warning at build time. The same package also ships misplaced
// /* @__PURE__ */ comments that Rollup can't attach. Both are noise; filter them.
const logger = createLogger()
const originalWarn = logger.warn
logger.warn = (msg, opts) => {
if (msg.includes('has been externalized for browser compatibility')) return
originalWarn(msg, opts)
}
Comment on lines +11 to +14
Contributor
P2 The logger filter matches any warning that contains 'has been externalized for browser compatibility', which suppresses the message from every dependency — not just @hpke/common. If a future (or existing) package is being externalized for a reason that would cause a real browser runtime error, the build would remain silent about it. The rollupOptions.onwarn handler correctly gates on warning.id?.includes('@hpke/common'); the same scoping should apply here.

Suggested change

```ts
logger.warn = (msg, opts) => {
  if (msg.includes('has been externalized for browser compatibility')) return
  originalWarn(msg, opts)
}
```

becomes

```ts
logger.warn = (msg, opts) => {
  if (
    msg.includes('has been externalized for browser compatibility') &&
    msg.includes('@hpke/common')
  )
    return
  originalWarn(msg, opts)
}
```

export default defineConfig({
plugins: [react(), tailwindcss()],
customLogger: logger,
build: {
outDir: '../kotlin/src/main/resources/static',
emptyOutDir: true,
rollupOptions: {
onwarn(warning, warn) {
if (
warning.code === 'INVALID_ANNOTATION' &&
warning.id?.includes('@hpke/common')
) {
return
}
warn(warning)
},
},
},
server: {
port: 5173,
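Review bot: The `logger.warn` override drops every message containing 'has been externalized for browser compatibility', while the `onwarn` handler below correctly gates on `warning.id?.includes('@hpke/common')`; apply the same `@hpke/common` check in the logger filter so a different dependency being externalized still surfaces at build time. The justification in the header comment, that the `await import("crypto")` fallback "never executes in browsers (guarded by globalThis.crypto)", is a runtime property the build cannot verify, so it is worth loading the bundle emitted to `../kotlin/src/main/resources/static` once over plain http to confirm the HPKE path works, and recording the @hpke/common version the claim was checked against next to the comment.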