Version 3.0

by Matthew, on 4 March 2020

Follow the Yellow Line

It has been quite a while since the last release, apologies, but today we are happy to be releasing version 3.0 of the FixMyStreet Platform, which has a number of improvements.

Front end improvements

  • FixMyStreet can now be installed as a progressive web app. This means we’ve added a web manifest (and an admin UI for managing this) and a basic service worker that shows a page if you’re offline, and continues to let staff users store and view their shortlisted reports offline.

    If you serve your site over HTTPS, you will be able to add the website to your home screen (browsers may prompt the user) and have it work like an app. This provides us with a solid base on which to continue improving this in future, including hopefully adding functionality such as offline report drafting through the website.

  • Various improvements have been made to the site on mobile – the “try again” process is clearer, duplicate suggestions show an inline map, the photo upload message is better, and map filters can now be accessed.

  • Category groups are now used wherever a category list is shown – admin pages, map filters, and so on; and you can pass a filter_category or filter_group parameter to the front page or around page to pre-select that option, which makes it easier to deep link to FixMyStreet from a page or form on another site.

  • If you use geolocation, your location will now be displayed on the map, as shown in the screenshot.

    [Screenshot: map geolocation blue dot]

  • As asked for a few times on our mailing list, we now use a report’s image as its OpenGraph image on an individual report page when shared.

  • We’ve added XSL to our RSS feeds which means browsers no longer display them as raw XML but as a nice simple web page that explains its purpose. Before and after shots below:

    [Screenshot: RSS feed before changes, raw XML]
    [Screenshot: RSS feed after changes, looks much nicer]

Security

All template variables are now automatically escaped by default, to help protect against any future XSS vulnerabilities. We also rotate the user’s session ID after successful login, and scrub the admin description fields.

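If any of your own templates outputs a variable that contains HTML that you wish to continue to display as HTML, you will need to alter your template to mark the variable with the safe filter, which exempts it from the automatic escaping, e.g. [% some_html | safe %]. Only do this for values whose HTML you control or have already sanitised, because the filter outputs them unescaped.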
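A check a site maintainer might run over their own templates after upgrading, as an added example (not FixMyStreet's own code): it lists every Template Toolkit directive that uses the safe filter, so each one can be confirmed as trusted HTML. The function names, the reviewed allowlist and the sample template are constructed for illustration.

```python
import re

# One Template Toolkit directive, [% ... %], with optional chomp flags.
DIRECTIVE = re.compile(r"\[%[-+~=]?(.*?)[-+~=]?%\]", re.S)
# A filter stage introduced by "|" or the FILTER keyword, naming "safe".
SAFE_STAGE = re.compile(r"(?:\||\bFILTER\b)\s*safe\b")


def find_safe_outputs(template_text):
    """Return (line_number, expression) for each directive that is output
    unescaped because its filter chain includes `safe`."""
    hits = []
    for match in DIRECTIVE.finditer(template_text):
        body = match.group(1)
        if body.lstrip().startswith("#"):  # [%# ... %] is a comment
            continue
        stage = SAFE_STAGE.search(body)
        if not stage:
            continue
        expression = body[:stage.start()].strip()
        line = template_text.count("\n", 0, match.start()) + 1
        hits.append((line, expression))
    return hits


def unreviewed(template_text, reviewed):
    """Hits whose expression has not yet been confirmed as trusted HTML."""
    return [hit for hit in find_safe_outputs(template_text)
            if hit[1] not in reviewed]


# Constructed sample template, not taken from FixMyStreet.
SAMPLE = """<h1>[% title %]</h1>
[%# old: [% intro | safe %]
<div>[% some_html | safe %]</div>
<p>[%- user_bio|safe -%]</p>
<p>[% note | html %]</p>
"""

if __name__ == "__main__":
    for line, expr in unreviewed(SAMPLE, reviewed={"some_html"}):
        print(f"line {line}: `{expr}` is output unescaped; confirm its source")
```

Any expression it reports that can carry user-supplied text should lose the safe filter or be sanitised before it reaches the template.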

Admin improvements

  • FixMyStreet now has a new roles system, allowing you to create groups of permissions and apply those roles to users.

  • The category edit form has been drastically improved; category names can now be edited, categories can be listed under more than one group, and categories or particular extra questions can disable the reporting form (for e.g. emergency “please call” categories or questions).

    [Screenshot: category edit form]

  • Two-factor authentication can be used by any staff member, and you can choose to optionally enforce it for all staff.

  • The admin report edit page now stores moderation history, like the front end, and you can now view a user’s admin log history.

  • We’ve added a heatmap dashboard for staff users, which can show hotspots. To enable this, you will need to add heatmap: { yourcobrand: 1 } to your COBRAND_FEATURES configuration.

    [Screenshot: heatmap web page]

  • There’s a new “staff only” contact state, for categories that can only be used by staff.

  • Staff users can report as other users even if they only have a name, and can sign other people up to alerts.

Bugfixes

Of course there have been a lot of bugfixes as well. One I remember is when going back to the initial state with popstate, a change event was being triggered on every single option of the filter selects. This led to a lot of change events running on the category/status multi-selects which then needlessly repeated the same activities over and over. This locked up the browser for seconds in locations with many categories. Below is a chart showing browser performance before and after:

    [Chart: performance before bugfix, 12 seconds locked browser]
    [Chart: performance after bugfix, 0.2 seconds]

Development improvements

We’ve upgraded the underlying framework and other packages, added a banner to the staging website/emails to make it obvious when you’re in development, added configuration for admin resending, a Content-Security-Policy header, and stopped hard coding the site name in the database fixture.

Open311 improvements

  • It is now possible for an external Open311 service to POST updates on a report to FixMyStreet, rather than have FixMyStreet poll an external service for updates.

  • Email templates can include a placeholder to include the description fetched from the Open311 server in the update.

  • Private reports are supported, in that an Open311 server can mark a category as private which will then automatically mark all reports sent and received in that category as private.

  • Meta questions added in the admin can be marked as protected so that they won’t be overridden by data fetched from an Open311 server. This is useful for e.g. an “emergency” question that the Open311 server does not care about.

Upgrading

As mentioned above, but it is worth repeating, if any of your own templates outputs a variable that contains HTML that you wish to continue to display as HTML, you will need to alter your template to mark the variable with the safe filter so that it is not escaped, e.g. [% some_html | safe %].

A full list of changes can be seen in the changelog as usual.


If you have any questions, or problems installing the code, please do get in touch, or post on our mailing list.