zap-extensions icon indicating copy to clipboard operation
zap-extensions copied to clipboard

Published 20 hours ago verified publisher icon zaproxy

webuipoc: add react based UI

Open MZ-AD opened this issue 1 year ago • 20 comments

MZ-AD avatar May 11 '24 14:05 MZ-AD

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

github-actions[bot] avatar May 11 '24 14:05 github-actions[bot]

Tailwind-CSS integrated in this React App

MZ-AD avatar May 11 '24 14:05 MZ-AD

Please create a pull request from a personal repo, otherwise we aren't able to push.

thc202 avatar May 12 '24 06:05 thc202

Please create a pull request from a personal repo, otherwise we aren't able to push.

Earlier I have got PRs merged from Tecvity's fork; is this a recent change?

njmulsqb avatar May 12 '24 10:05 njmulsqb

It's not about merging the PR but pushing to the PR's branch.

thc202 avatar May 12 '24 10:05 thc202

I see, are you guys also willing to contribute to Web GUI?

njmulsqb avatar May 12 '24 11:05 njmulsqb

Yes not only contribute but maintain too.

thc202 avatar May 13 '24 07:05 thc202

Please create a pull request from a personal repo, otherwise we aren't able to push.

I have made a new fork on personal repository, now should I make another PR from new fork after closing this PR?

MZ-AD avatar May 13 '24 13:05 MZ-AD

Since this is near ready I'd keep as is and for following PRs use the new fork.

thc202 avatar May 13 '24 13:05 thc202

Should be updated to pick/use #5446.

thc202 avatar May 14 '24 10:05 thc202

Should be updated to pick/use #5446.

Done

njmulsqb avatar May 14 '24 10:05 njmulsqb

Does it still need to disable the CSP, if so, are the errors as before? Ideally I'd like to see at least one working ZAP API call, even if it is just to get the top level domains from the sites tree.

psiinon avatar May 14 '24 10:05 psiinon

Does it still need to disable the CSP, if so, are the errors as before?

The web app is working fine, the number of errors have reduced after the recent changes (I dont know how) and I can only see two CSP errors in console with UI being loaded properly.

image

P.S. logo is also not loading, could that be related to CSP blockages?

Update: I removed the local build from ZAP home dir and re-copied addon to ZAP which resolved the logo issue.

njmulsqb avatar May 14 '24 10:05 njmulsqb

We've prepared a React app. It calls the API endpoint JSON/core/view/childNodes and prints data using an onClick function (just for POC) Its ready to be merged. image

MZ-AD avatar May 15 '24 13:05 MZ-AD

CSP is not disabled anymore. As for hard-coded URLs so we can use a separate config file that defines the URLs (in-fact there are more code improvements that can be done but thats in my plan in upcoming PRs since this is not the final one)

The concern is, how can do development in the local environment with cross-origin i.e. from localhost:8000 (React's default server) if you just want to specify the endpoint and not host and port?

njmulsqb avatar May 15 '24 16:05 njmulsqb

I dont mind how development is done, as long as when the code is checked in it uses the correct relative paths.

psiinon avatar May 15 '24 16:05 psiinon

I dont mind how development is done, as long as when the code is checked in it uses the correct relative paths.

https://github.com/zaproxy/zap-extensions/pull/5443/commits/f276aa0ee47757095cb3ef10471dd7aae0ca2160 should handle this

njmulsqb avatar May 16 '24 07:05 njmulsqb

Why are the React icons being added? They dont appear to be being used, and we wont need them in the future. Not a big problem, just seem unnecessary..

psiinon avatar May 16 '24 10:05 psiinon

@Moeez905 please remove unused logos

njmulsqb avatar May 16 '24 10:05 njmulsqb

@Moeez905 please remove unused logos

Removed.

MZ-AD avatar May 16 '24 11:05 MZ-AD

PR is ready to be reviewed.

njmulsqb avatar May 22 '24 08:05 njmulsqb

Thank you both!

thc202 avatar May 23 '24 13:05 thc202