Skip to content

fix: [SDK-4340] skip enqueueing metabox assets for disallowed post types#418

Merged
sherwinski merged 1 commit into
mainfrom
sherwin/sdk-4340
May 14, 2026
Merged

fix: [SDK-4340] skip enqueueing metabox assets for disallowed post types#418
sherwinski merged 1 commit into
mainfrom
sherwin/sdk-4340

Conversation

@sherwinski

@sherwinski sherwinski commented May 14, 2026

Copy link
Copy Markdown
Contributor

One Line Summary

Stop loading the OneSignal metabox JS/CSS on Custom Post Types that aren't enabled in plugin settings, eliminating a Classic Editor console error.

Motivation

SDK-4340: When viewing a Custom Post Type in the Classic Editor that has not been added to "Additional Custom Post Types" in OneSignal settings, a DOM error appeared in the browser console:

OneSignal: required elements are missing in the DOM.

The metabox PHP (onesignal_add_metabox) correctly skipped rendering for disallowed post types, but onesignal_meta_files was registered on admin_print_styles-post.php / admin_print_styles-post-new.php unconditionally, so the metabox JS still loaded and immediately failed its DOM lookup.

Scope

  • Affected: v3/onesignal-metabox/onesignal-metabox.phponesignal_meta_files() now early-returns for disallowed post types using the existing onesignal_is_post_type_allowed() helper (the same gate already used by onesignal_add_metabox()).
  • Not affected: Posts, Pages (when enabled), and any Custom Post Type listed in "Additional Custom Post Types" continue to load the metabox and its assets exactly as before. No change to v2.

Testing

Manual

  1. Leave "Additional Custom Post Types" empty in OneSignal settings.
  2. Register a CPT (e.g. product) and open one in the Classic Editor.
    • Before: console error OneSignal: required elements are missing in the DOM.
    • After: no console error, no metabox (expected).
  3. Add product to "Additional Custom Post Types", reload the edit screen.
    • Metabox renders and behaves as before (segment dropdown, customize content, mobile URL).
  4. Verify Posts and Pages still render the metabox and JS as before.

Unit / Integration

  • composer test — all 69 existing tests pass.

Affected code checklist

  • PHP plugin code (v3/)
  • v2 legacy code
  • JS / CSS assets
  • Build / CI
  • Tests

Checklist

  • Code follows existing style in this file
  • Tested manually in Classic Editor with both allowed and disallowed CPTs
  • No new lint errors introduced
  • Linear ticket linked

@sherwinski
fix: [SDK-4340] skip enqueueing metabox assets for disallowed post types
2e7534b 
When viewing a Custom Post Type that has not been added to "Additional
Custom Post Types" in the OneSignal admin settings, the metabox PHP
correctly skips rendering, but the metabox JS/CSS were still enqueued on
every post edit screen. The JS would then log a console error because
the expected DOM elements (os_update, os_options, etc.) were missing.

Gate the enqueue with the same onesignal_is_post_type_allowed() check
already used to register the metabox so the script only loads when the
metabox is actually present.
claude[bot]
claude Bot reviewed May 14, 2026
View reviewed changes

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — mirrors the existing post-type allow-list gate used by onesignal_add_metabox.

Extended reasoning...

Overview

This PR adds a 4-line early-return in onesignal_meta_files() (v3/onesignal-metabox/onesignal-metabox.php) that skips enqueueing the metabox JS/CSS when the current post type isn't allowed. It uses the existing onesignal_is_post_type_allowed() helper (v3/onesignal-helpers.php:38), which is the same gate already applied by onesignal_add_metabox() and onesignal_save_meta(). The net effect is that the metabox UI and its assets are gated consistently.

Security risks

None. This change is a strict narrowing of when assets are loaded — it removes a code path on disallowed post types, doesn't introduce any new user input handling, capability checks, escaping concerns, or external calls. The helper consults a stored option, not request data.

Level of scrutiny

Low. This is a tiny, mechanical bug fix that reuses an already-vetted helper to close a UX issue (a JS console error on CPTs that aren't enabled). It does not touch auth, the save path, REST API integration, or rendering of trusted/untrusted data.

Other factors

The bug hunting system found no issues. The change is self-contained to one function, follows the established pattern in the file, and the PR description includes both manual reproduction steps and confirmation that the existing 69-test suite passes.

@sherwinski sherwinski requested a review from fadi-george May 14, 2026 05:10
@sherwinski sherwinski merged commit ee9c7b8 into main May 14, 2026
10 checks passed
@sherwinski sherwinski deleted the sherwin/sdk-4340 branch May 14, 2026 18:05
@sherwinski sherwinski mentioned this pull request May 14, 2026
Merged
8 tasks
@github-actions github-actions Bot mentioned this pull request May 19, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@fadi-george fadi-george fadi-george approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sherwinski @fadi-george