fix: display the overlay during the selfie step of the Bridge KYC flow#650
fix: display the overlay during the selfie step of the Bridge KYC flow#650Nodirbek75 wants to merge 3 commits into
Conversation
islandbitcoin
left a comment
islandbitcoin
left a comment
There was a problem hiding this comment.
Thanks @Nodirbek75 — the approach is right and the change is low-risk. The core fix is the camera enablement, and that's correct:
✅ Makes sense
allowsInlineMediaPlayback+mediaPlaybackRequiresUserAction={false}are exactly what's needed for the selfie camera to initialize inline without a tap gesture — that's almost certainly why the overlay wasn't appearing (no camera stream → no overlay).allowsFullscreenVideo={false}keeps it inline. Good.- Dropping
touch-action: manipulation+ themaximum-scale=1/user-scalable=nolockdown to let the KYC SDK's auto-capture work is reasonable, and you keptinput,textarea,select{font-size:16px}— which is the actual iOS input-zoom guard — so relaxinguser-scalableshouldn't reintroduce the focus-zoom issue. scrollEnabled+ the content-inset flags are sensible for the form/overlay layout.
🟠 One thing to tighten
- The legal-link match went from
url.includes("www.bridge.xyz/legal")→url.includes("/legal"). That nowLinking.openURL()s any URL containing/legalduring the ToS step (e.g. a non-Bridge host). It's low risk (the WebView content is Bridge-controlled), but since it shells out to the external browser, I'd scope it to the host — e.g. checkrequest.urlhost endsWithbridge.xyzand path includes/legal. If the reason for the change is that the links are onbridge.xyz/legal(nowww) or a*.bridge.xyzsubdomain, a host-suffix check covers that cleanly.
🙏 Before merge
- On-device confirmation: this is a camera/overlay fix that can't be verified in code or CI (and there are no checks on this branch). Please confirm on a real iOS device that the selfie overlay renders and auto-capture works — a short screen recording or before/after screenshots in the PR description would make this easy to sign off (the description is currently empty).
- Note this targets
feat/fygaro, notmain— just flagging the stacking is intentional.
Net: code LGTM; happy to approve once the on-device behavior is confirmed and the /legal match is host-scoped (or you confirm you'd rather keep it broad).
The ToS-step handler opened any URL containing '/legal' in the external browser. Restrict it to bridge.xyz (and subdomains) + a /legal path so an unrelated host can't be shelled out via Linking.openURL. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Pushed ```js @Nodirbek75 hope you don't mind me pushing directly. Verified the match against Still outstanding from the review: on-device confirmation that the selfie overlay/auto-capture works (the camera-enablement bits can't be verified in code/CI) — a short screen recording in the description would let this get an approval. |
2 participants
No description provided.