Explore browser-viewable notification email rendering #364

Open
opened 2026-06-05 13:41:26 -05:00 by Codex · 0 comments

During notification email QA, we considered adding a "Having trouble viewing this email? View it in your browser" link. That is useful, but it is larger than email template polish because browser viewing needs a safe way to reconstruct or store rendered email content.

This issue tracks designing and implementing a secure browser-viewable notification email experience separately from the immediate layout/footer cleanup.

Scope

  • Evaluate whether notification emails should be viewable in a browser from a signed URL.
  • Decide whether to store rendered notification payloads, reconstruct them from notification data, or support only selected notification types.
  • Add a safe route for browser viewing if the approach is approved.
  • Ensure browser-view links do not leak private recipient data, raw tokens, or unsubscribe signatures to unintended users.
  • Keep this separate from #361, which tracks adding missing notification event dispatch.

Acceptance Criteria

  • A documented implementation approach exists for browser-viewable notification emails.
  • Browser-view URLs are signed or otherwise protected.
  • Expired, tampered, missing, or unavailable email-view links fail safely.
  • Browser-rendered output matches the email content closely enough for user support and QA.
  • Optional notification unsubscribe links still work from the browser-rendered version.
  • Required account/security emails are either explicitly supported or explicitly out of scope.
  • No raw secrets, passwords, API tokens, remember tokens, or two-factor secrets are rendered.

Test Coverage Required

  • Feature tests for valid, expired, tampered, missing, and unavailable browser-view links.
  • Tests confirming rendered browser output matches the target notification content and includes expected action/unsubscribe links.
  • Tests confirming sensitive user fields are not rendered.
  • Tests confirming unsupported notification types fail clearly if browser viewing is intentionally limited.
  • Run focused browser-view notification tests and existing notification unsubscribe tests.

Progress Checklist

  • [ ] Audit Laravel notification rendering options
  • [ ] Choose stored-render vs reconstruct-on-demand strategy
  • [ ] Define signed browser-view URL lifetime
  • [ ] Implement browser-view route/controller/view if approved
  • [ ] Add tests for valid and invalid browser-view links
  • [ ] Confirm no sensitive fields are exposed
  • [ ] Confirm optional notification unsubscribe links still work from browser-rendered emails

Implementation References

  • Laravel docs include mailable rendering/preview capabilities that may inform the implementation: rendering mailables (https://laravel.com/docs/13.x/mail#rendering-mailables).
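
The signed-link behaviour listed in the acceptance criteria, as an added plain-PHP example (not this project's code and not Laravel's implementation): an opaque ID plus an expiry is HMAC-signed, and valid, expired, tampered, missing and unavailable links all resolve through one verifier with a uniform failure. The route path, key, IDs, clock value and stored HTML are constructed placeholders.

```php
<?php
declare(strict_types=1);

// Constructed sample data: the key, IDs and stored HTML are placeholders.
const VIEW_KEY = 'example-signing-key-not-a-real-secret';

// Stored renders keyed by an opaque ID, so the URL carries no recipient data.
$store = ['n_8f3a' => '<p>Your list was updated.</p>'];

/** Build a browser-view URL carrying an opaque ID, an expiry and an HMAC. */
function signViewUrl(string $id, int $expires): string
{
    $query = http_build_query(['id' => $id, 'expires' => $expires]);
    $sig = hash_hmac('sha256', $query, VIEW_KEY);
    return "/notifications/view?$query&signature=$sig";
}

/** Return the stored HTML for a valid link, or null for every failure case. */
function resolveViewUrl(string $url, array $store, int $now): ?string
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $q);
    $id = $q['id'] ?? null;
    $expires = $q['expires'] ?? null;
    $sig = $q['signature'] ?? null;
    if (!is_string($id) || !is_string($expires) || !is_string($sig)) {
        return null; // missing or malformed parameter (arrays included)
    }
    // Recompute over the canonical query and compare in constant time.
    $query = http_build_query(['id' => $id, 'expires' => $expires]);
    if (!hash_equals(hash_hmac('sha256', $query, VIEW_KEY), $sig)) {
        return null; // tampered ID, expiry or signature
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null; // expired
    }
    return $store[$id] ?? null; // null when the render is unavailable
}

$now = 1780000000; // constructed clock value
$good = signViewUrl('n_8f3a', $now + 3600);
$cases = [
    'valid' => $good,
    'expired' => signViewUrl('n_8f3a', $now - 1),
    'tampered' => str_replace('n_8f3a', 'n_0000', $good),
    'missing' => '/notifications/view?id=n_8f3a',
    'unavailable' => signViewUrl('n_gone', $now + 3600),
];
foreach ($cases as $name => $url) {
    echo $name, ': ', resolveViewUrl($url, $store, $now) === null ? '404' : '200', "\n";
}
```

In a Laravel application, `URL::temporarySignedRoute()` and the `signed` route middleware provide the signing and verification steps shown here.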
Reference
MyVideoGameList/myvideogamelist.com#364