FAQ and troubleshooting
The page is empty or missing some blocks
A component with an unknown type is skipped in release. Check the type spelling
and the contract version. In a dev build, a placeholder with the type name appears
where the unknown component would be.
The request doesn’t go out / 401
- The URL must be relative and resolve against the manifest origin.
- Credentials go only to the manifest origin — the endpoint must not point at another host.
- On
401the client triesrefreshfrom the vault and retries the request once; if that doesn’t help either — the server returns the sign-in page (the401body).
The form submitted twice
It shouldn’t: every submit carries an Idempotency-Key. Make sure the server
deduplicates requests by this header.
Field validation isn’t highlighted
Return 422 with the body { "errors": { "<field_id>": "text" } }. Other errors
(4xx/5xx) show as a toast; the body format is RFC 9457 (detail / title).
Images don’t load
image.url and icon_url are requested without Authorization (CDN). A private
resource — serve it via a signed URL or make it public.
A third-party API is rejected in source
source is loaded strictly from the manifest origin. An absolute cross-origin URL
is rejected — proxy third-party data through your own origin. See
Data binding.
A destructive button doesn’t work
role: destructive requires action.confirm — add a confirmation dialog.