fix: add webkit messageHandlers polyfill for Instagram iOS browser

Fixes FORMBRICKS-NK

- Add comprehensive polyfill for window.webkit.messageHandlers
- Prevents TypeError when accessing unregistered handlers in Instagram's iOS in-app browser
- Handles three scenarios: webkit missing, messageHandlers missing, or handlers undefined
- Uses Proxy to safely intercept access and return no-op postMessage for missing handlers
- Includes comprehensive test coverage for all scenarios

.github/workflows/translation-check.yml

@@ -6,19 +6,9 @@ permissions:
 on:
   pull_request:
     types: [opened, synchronize, reopened]
-    paths:
-      - "apps/web/**/*.ts"
-      - "apps/web/**/*.tsx"
-      - "apps/web/locales/**/*.json"
-      - "scan-translations.ts"
   push:
     branches:
       - main
-    paths:
-      - "apps/web/**/*.ts"
-      - "apps/web/**/*.tsx"
-      - "apps/web/locales/**/*.json"
-      - "scan-translations.ts"
 
 jobs:
   validate-translations:
@@ -33,30 +23,38 @@ jobs:
           egress-policy: audit
 
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Check for relevant changes
+        id: changes
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
         with:
-          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+          filters: |
+            translations:
+              - 'apps/web/**/*.ts'
+              - 'apps/web/**/*.tsx'
+              - 'apps/web/locales/**/*.json'
+              - 'packages/surveys/src/**/*.{ts,tsx}'
+              - 'packages/surveys/locales/**/*.json'
+              - 'packages/email/**/*.{ts,tsx}'
 
       - name: Setup Node.js 22.x
+        if: steps.changes.outputs.translations == 'true'
         uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
         with:
           node-version: 22.x
 
       - name: Install pnpm
+        if: steps.changes.outputs.translations == 'true'
         uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
 
       - name: Install dependencies
+        if: steps.changes.outputs.translations == 'true'
         run: pnpm install --config.platform=linux --config.architecture=x64
 
       - name: Validate translation keys
-        run: |
-          echo ""
-          echo "🔍 Validating translation keys..."
-          echo ""
-          pnpm run scan-translations
+        if: steps.changes.outputs.translations == 'true'
+        run: pnpm run scan-translations
 
-      - name: Summary
-        if: success()
-        run: |
-          echo ""
-          echo "✅ Translation validation completed successfully!"
-          echo ""
+      - name: Skip (no translation-related changes)
+        if: steps.changes.outputs.translations != 'true'
+        run: echo "No translation-related files changed — skipping validation."

.husky/pre-commit

@@ -1,40 +1 @@
-# Load environment variables from .env files
-if [ -f .env ]; then
-  set -a
-  . .env
-  set +a
-fi
-
-pnpm lint-staged
-
-# Run Lingo.dev i18n workflow if LINGODOTDEV_API_KEY is set
-if [ -n "$LINGODOTDEV_API_KEY" ]; then
-  echo ""
-  echo "🌍 Running Lingo.dev translation workflow..."
-  echo ""
-  
-  # Run translation generation and validation
-  if pnpm run i18n; then
-    echo ""
-    echo "✅ Translation validation passed"
-    echo ""
-    # Add updated locale files to git
-    git add apps/web/locales/*.json
-  else
-    echo ""
-    echo "❌ Translation validation failed!"
-    echo ""
-    echo "Please fix the translation issues above before committing:"
-    echo "  • Add missing translation keys to your locale files"
-    echo "  • Remove unused translation keys"
-    echo ""
-    echo "Or run 'pnpm i18n' to see the detailed report"
-    echo ""
-    exit 1
-  fi
-else
-  echo ""
-  echo "⚠️  Skipping translation validation: LINGODOTDEV_API_KEY is not set"
-  echo "   (This is expected for community contributors)"
-  echo ""
-fi
+pnpm lint-staged

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/components/NotificationSwitch.tsx

@@ -30,7 +30,7 @@ export const NotificationSwitch = ({
   const isChecked =
     notificationType === "unsubscribedOrganizationIds"
       ? !notificationSettings.unsubscribedOrganizationIds?.includes(surveyOrProjectOrOrganizationId)
-      : notificationSettings[notificationType][surveyOrProjectOrOrganizationId] === true;
+      : notificationSettings[notificationType]?.[surveyOrProjectOrOrganizationId] === true;
 
   const handleSwitchChange = async () => {
     setIsLoading(true);
@@ -49,8 +49,11 @@ export const NotificationSwitch = ({
         ];
       }
     } else {
-      updatedNotificationSettings[notificationType][surveyOrProjectOrOrganizationId] =
-        !updatedNotificationSettings[notificationType][surveyOrProjectOrOrganizationId];
+      updatedNotificationSettings[notificationType] = {
+        ...updatedNotificationSettings[notificationType],
+        [surveyOrProjectOrOrganizationId]:
+          !updatedNotificationSettings[notificationType]?.[surveyOrProjectOrOrganizationId],
+      };
     }
 
     const updatedNotificationSettingsActionResponse = await updateNotificationSettingsAction({
@@ -78,7 +81,7 @@ export const NotificationSwitch = ({
     ) {
       switch (notificationType) {
         case "alert":
-          if (notificationSettings[notificationType][surveyOrProjectOrOrganizationId] === true) {
+          if (notificationSettings[notificationType]?.[surveyOrProjectOrOrganizationId] === true) {
             handleSwitchChange();
             toast.success(
               t(

apps/web/app/(app)/environments/[environmentId]/workspace/integrations/google-sheets/actions.ts

@@ -1,12 +1,49 @@
 "use server";
 
 import { z } from "zod";
-import { ZIntegrationGoogleSheets } from "@formbricks/types/integration/google-sheet";
-import { getSpreadsheetNameById } from "@/lib/googleSheet/service";
+import { ZId } from "@formbricks/types/common";
+import {
+  TIntegrationGoogleSheets,
+  ZIntegrationGoogleSheets,
+} from "@formbricks/types/integration/google-sheet";
+import { getSpreadsheetNameById, validateGoogleSheetsConnection } from "@/lib/googleSheet/service";
+import { getIntegrationByType } from "@/lib/integration/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
 
+const ZValidateGoogleSheetsConnectionAction = z.object({
+  environmentId: ZId,
+});
+
+export const validateGoogleSheetsConnectionAction = authenticatedActionClient
+  .schema(ZValidateGoogleSheetsConnectionAction)
+  .action(async ({ ctx, parsedInput }) => {
+    await checkAuthorizationUpdated({
+      userId: ctx.user.id,
+      organizationId: await getOrganizationIdFromEnvironmentId(parsedInput.environmentId),
+      access: [
+        {
+          type: "organization",
+          roles: ["owner", "manager"],
+        },
+        {
+          type: "projectTeam",
+          projectId: await getProjectIdFromEnvironmentId(parsedInput.environmentId),
+          minPermission: "readWrite",
+        },
+      ],
+    });
+
+    const integration = await getIntegrationByType(parsedInput.environmentId, "googleSheets");
+    if (!integration) {
+      return { data: false };
+    }
+
+    await validateGoogleSheetsConnection(integration as TIntegrationGoogleSheets);
+    return { data: true };
+  });
+
 const ZGetSpreadsheetNameByIdAction = z.object({
   googleSheetIntegration: ZIntegrationGoogleSheets,
   environmentId: z.string(),

apps/web/app/(app)/environments/[environmentId]/workspace/integrations/google-sheets/components/AddIntegrationModal.tsx

@@ -20,6 +20,10 @@ import {
   isValidGoogleSheetsUrl,
 } from "@/app/(app)/environments/[environmentId]/workspace/integrations/google-sheets/lib/util";
 import GoogleSheetLogo from "@/images/googleSheetsLogo.png";
+import {
+  GOOGLE_SHEET_INTEGRATION_INSUFFICIENT_PERMISSION,
+  GOOGLE_SHEET_INTEGRATION_INVALID_GRANT,
+} from "@/lib/googleSheet/constants";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { recallToHeadline } from "@/lib/utils/recall";
 import { getElementsFromBlocks } from "@/modules/survey/lib/client-utils";
@@ -118,6 +122,17 @@ export const AddIntegrationModal = ({
     resetForm();
   }, [selectedIntegration, surveys]);
 
+  const showErrorMessageToast = (response: Awaited<ReturnType<typeof getSpreadsheetNameByIdAction>>) => {
+    const errorMessage = getFormattedErrorMessage(response);
+    if (errorMessage === GOOGLE_SHEET_INTEGRATION_INVALID_GRANT) {
+      toast.error(t("environments.integrations.google_sheets.token_expired_error"));
+    } else if (errorMessage === GOOGLE_SHEET_INTEGRATION_INSUFFICIENT_PERMISSION) {
+      toast.error(t("environments.integrations.google_sheets.spreadsheet_permission_error"));
+    } else {
+      toast.error(errorMessage);
+    }
+  };
+
   const linkSheet = async () => {
     try {
       if (!isValidGoogleSheetsUrl(spreadsheetUrl)) {
@@ -129,6 +144,7 @@ export const AddIntegrationModal = ({
       if (selectedElements.length === 0) {
         throw new Error(t("environments.integrations.select_at_least_one_question_error"));
       }
+      setIsLinkingSheet(true);
       const spreadsheetId = extractSpreadsheetIdFromUrl(spreadsheetUrl);
       const spreadsheetNameResponse = await getSpreadsheetNameByIdAction({
         googleSheetIntegration,
@@ -137,13 +153,11 @@ export const AddIntegrationModal = ({
       });
 
       if (!spreadsheetNameResponse?.data) {
-        const errorMessage = getFormattedErrorMessage(spreadsheetNameResponse);
-        throw new Error(errorMessage);
+        showErrorMessageToast(spreadsheetNameResponse);
+        return;
       }
 
       const spreadsheetName = spreadsheetNameResponse.data;
-
-      setIsLinkingSheet(true);
       integrationData.spreadsheetId = spreadsheetId;
       integrationData.spreadsheetName = spreadsheetName;
       integrationData.surveyId = selectedSurvey.id;
@@ -280,7 +294,7 @@ export const AddIntegrationModal = ({
                 <div className="space-y-4">
                   <div>
                     <Label htmlFor="Surveys">{t("common.questions")}</Label>
-                    <div className="mt-1 max-h-[15vh] overflow-x-hidden overflow-y-auto rounded-lg border border-slate-200">
+                    <div className="mt-1 max-h-[15vh] overflow-y-auto overflow-x-hidden rounded-lg border border-slate-200">
                       <div className="grid content-center rounded-lg bg-slate-50 p-3 text-left text-sm text-slate-900">
                         {surveyElements.map((question) => (
                           <div key={question.id} className="my-1 flex items-center space-x-2">

apps/web/app/(app)/environments/[environmentId]/workspace/integrations/google-sheets/components/GoogleSheetWrapper.tsx

@@ -1,6 +1,6 @@
 "use client";
 
-import { useState } from "react";
+import { useCallback, useEffect, useState } from "react";
 import { TEnvironment } from "@formbricks/types/environment";
 import {
   TIntegrationGoogleSheets,
@@ -8,9 +8,11 @@ import {
 } from "@formbricks/types/integration/google-sheet";
 import { TSurvey } from "@formbricks/types/surveys/types";
 import { TUserLocale } from "@formbricks/types/user";
+import { validateGoogleSheetsConnectionAction } from "@/app/(app)/environments/[environmentId]/workspace/integrations/google-sheets/actions";
 import { ManageIntegration } from "@/app/(app)/environments/[environmentId]/workspace/integrations/google-sheets/components/ManageIntegration";
 import { authorize } from "@/app/(app)/environments/[environmentId]/workspace/integrations/google-sheets/lib/google";
 import googleSheetLogo from "@/images/googleSheetsLogo.png";
+import { GOOGLE_SHEET_INTEGRATION_INVALID_GRANT } from "@/lib/googleSheet/constants";
 import { ConnectIntegration } from "@/modules/ui/components/connect-integration";
 import { AddIntegrationModal } from "./AddIntegrationModal";
 
@@ -35,10 +37,23 @@ export const GoogleSheetWrapper = ({
     googleSheetIntegration ? googleSheetIntegration.config?.key : false
   );
   const [isModalOpen, setIsModalOpen] = useState<boolean>(false);
+  const [showReconnectButton, setShowReconnectButton] = useState<boolean>(false);
   const [selectedIntegration, setSelectedIntegration] = useState<
     (TIntegrationGoogleSheetsConfigData & { index: number }) | null
   >(null);
 
+  const validateConnection = useCallback(async () => {
+    if (!isConnected || !googleSheetIntegration) return;
+    const response = await validateGoogleSheetsConnectionAction({ environmentId: environment.id });
+    if (response?.serverError === GOOGLE_SHEET_INTEGRATION_INVALID_GRANT) {
+      setShowReconnectButton(true);
+    }
+  }, [environment.id, isConnected, googleSheetIntegration]);
+
+  useEffect(() => {
+    validateConnection();
+  }, [validateConnection]);
+
   const handleGoogleAuthorization = async () => {
     authorize(environment.id, webAppUrl).then((url: string) => {
       if (url) {
@@ -64,6 +79,8 @@ export const GoogleSheetWrapper = ({
             setOpenAddIntegrationModal={setIsModalOpen}
             setIsConnected={setIsConnected}
             setSelectedIntegration={setSelectedIntegration}
+            showReconnectButton={showReconnectButton}
+            handleGoogleAuthorization={handleGoogleAuthorization}
             locale={locale}
           />
         </>

apps/web/app/(app)/environments/[environmentId]/workspace/integrations/google-sheets/components/ManageIntegration.tsx

@@ -1,6 +1,6 @@
 "use client";
 
-import { Trash2Icon } from "lucide-react";
+import { RefreshCcwIcon, Trash2Icon } from "lucide-react";
 import { useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
@@ -12,15 +12,19 @@ import { TUserLocale } from "@formbricks/types/user";
 import { deleteIntegrationAction } from "@/app/(app)/environments/[environmentId]/workspace/integrations/actions";
 import { timeSince } from "@/lib/time";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
+import { Alert, AlertButton, AlertDescription } from "@/modules/ui/components/alert";
 import { Button } from "@/modules/ui/components/button";
 import { DeleteDialog } from "@/modules/ui/components/delete-dialog";
 import { EmptyState } from "@/modules/ui/components/empty-state";
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
 
 interface ManageIntegrationProps {
   googleSheetIntegration: TIntegrationGoogleSheets;
   setOpenAddIntegrationModal: (v: boolean) => void;
   setIsConnected: (v: boolean) => void;
   setSelectedIntegration: (v: (TIntegrationGoogleSheetsConfigData & { index: number }) | null) => void;
+  showReconnectButton: boolean;
+  handleGoogleAuthorization: () => void;
   locale: TUserLocale;
 }
 
@@ -29,6 +33,8 @@ export const ManageIntegration = ({
   setOpenAddIntegrationModal,
   setIsConnected,
   setSelectedIntegration,
+  showReconnectButton,
+  handleGoogleAuthorization,
   locale,
 }: ManageIntegrationProps) => {
   const { t } = useTranslation();
@@ -68,7 +74,17 @@ export const ManageIntegration = ({
 
   return (
     <div className="mt-6 flex w-full flex-col items-center justify-center p-6">
-      <div className="flex w-full justify-end">
+      {showReconnectButton && (
+        <Alert variant="warning" size="small" className="mb-4 w-full">
+          <AlertDescription>
+            {t("environments.integrations.google_sheets.reconnect_button_description")}
+          </AlertDescription>
+          <AlertButton onClick={handleGoogleAuthorization}>
+            {t("environments.integrations.google_sheets.reconnect_button")}
+          </AlertButton>
+        </Alert>
+      )}
+      <div className="flex w-full justify-end space-x-2">
         <div className="mr-6 flex items-center">
           <span className="mr-4 h-4 w-4 rounded-full bg-green-600"></span>
           <span className="text-slate-500">
@@ -77,6 +93,19 @@ export const ManageIntegration = ({
             })}
           </span>
         </div>
+        <TooltipProvider>
+          <Tooltip>
+            <TooltipTrigger asChild>
+              <Button variant="outline" onClick={handleGoogleAuthorization}>
+                <RefreshCcwIcon className="mr-2 h-4 w-4" />
+                {t("environments.integrations.google_sheets.reconnect_button")}
+              </Button>
+            </TooltipTrigger>
+            <TooltipContent>
+              {t("environments.integrations.google_sheets.reconnect_button_tooltip")}
+            </TooltipContent>
+          </Tooltip>
+        </TooltipProvider>
         <Button
           onClick={() => {
             setSelectedIntegration(null);

apps/web/app/api/google-sheet/callback/route.ts

@@ -1,5 +1,6 @@
 import { google } from "googleapis";
 import { getServerSession } from "next-auth";
+import { TIntegrationGoogleSheetsConfig } from "@formbricks/types/integration/google-sheet";
 import { responses } from "@/app/lib/api/response";
 import {
   GOOGLE_SHEETS_CLIENT_ID,
@@ -8,7 +9,7 @@ import {
   WEBAPP_URL,
 } from "@/lib/constants";
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
-import { createOrUpdateIntegration } from "@/lib/integration/service";
+import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 
 export const GET = async (req: Request) => {
@@ -42,33 +43,39 @@ export const GET = async (req: Request) => {
   if (!redirect_uri) return responses.internalServerErrorResponse("Google redirect url is missing");
   const oAuth2Client = new google.auth.OAuth2(client_id, client_secret, redirect_uri);
 
-  let key;
-  let userEmail;
-
-  if (code) {
-    const token = await oAuth2Client.getToken(code);
-    key = token.res?.data;
-
-    // Set credentials using the provided token
-    oAuth2Client.setCredentials({
-      access_token: key.access_token,
-    });
-
-    // Fetch user's email
-    const oauth2 = google.oauth2({
-      auth: oAuth2Client,
-      version: "v2",
-    });
-    const userInfo = await oauth2.userinfo.get();
-    userEmail = userInfo.data.email;
+  if (!code) {
+    return Response.redirect(
+      `${WEBAPP_URL}/environments/${environmentId}/workspace/integrations/google-sheets`
+    );
   }
 
+  const token = await oAuth2Client.getToken(code);
+  const key = token.res?.data;
+  if (!key) {
+    return Response.redirect(
+      `${WEBAPP_URL}/environments/${environmentId}/workspace/integrations/google-sheets`
+    );
+  }
+
+  oAuth2Client.setCredentials({ access_token: key.access_token });
+  const oauth2 = google.oauth2({ auth: oAuth2Client, version: "v2" });
+  const userInfo = await oauth2.userinfo.get();
+  const userEmail = userInfo.data.email;
+
+  if (!userEmail) {
+    return responses.internalServerErrorResponse("Failed to get user email");
+  }
+
+  const integrationType = "googleSheets" as const;
+  const existingIntegration = await getIntegrationByType(environmentId, integrationType);
+  const existingConfig = existingIntegration?.config as TIntegrationGoogleSheetsConfig;
+
   const googleSheetIntegration = {
-    type: "googleSheets" as "googleSheets",
+    type: integrationType,
     environment: environmentId,
     config: {
       key,
-      data: [],
+      data: existingConfig?.data ?? [],
       email: userEmail,
     },
   };

apps/web/app/middleware/endpoint-validator.test.ts

@@ -257,6 +257,7 @@ describe("endpoint-validator", () => {
       expect(isAuthProtectedRoute("/api/v1/client/test")).toBe(false);
       expect(isAuthProtectedRoute("/")).toBe(false);
       expect(isAuthProtectedRoute("/s/survey123")).toBe(false);
+      expect(isAuthProtectedRoute("/p/pretty-url")).toBe(false);
       expect(isAuthProtectedRoute("/c/jwt-token")).toBe(false);
       expect(isAuthProtectedRoute("/health")).toBe(false);
     });
@@ -312,6 +313,19 @@ describe("endpoint-validator", () => {
       expect(isPublicDomainRoute("/c")).toBe(false);
       expect(isPublicDomainRoute("/contact/token")).toBe(false);
     });
+    
+    test("should return true for pretty URL survey routes", () => {
+      expect(isPublicDomainRoute("/p/pretty123")).toBe(true);
+      expect(isPublicDomainRoute("/p/pretty-name-with-dashes")).toBe(true);
+      expect(isPublicDomainRoute("/p/survey_id_with_underscores")).toBe(true);
+      expect(isPublicDomainRoute("/p/abc123def456")).toBe(true);
+    });
+
+    test("should return false for malformed pretty URL survey routes", () => {
+      expect(isPublicDomainRoute("/p/")).toBe(false);
+      expect(isPublicDomainRoute("/p")).toBe(false);
+      expect(isPublicDomainRoute("/pretty/123")).toBe(false);
+    });
 
     test("should return true for client API routes", () => {
       expect(isPublicDomainRoute("/api/v1/client/something")).toBe(true);
@@ -375,6 +389,8 @@ describe("endpoint-validator", () => {
       expect(isAdminDomainRoute("/s/survey-id-with-dashes")).toBe(false);
       expect(isAdminDomainRoute("/c/jwt-token")).toBe(false);
       expect(isAdminDomainRoute("/c/very-long-jwt-token-123")).toBe(false);
+      expect(isAdminDomainRoute("/p/pretty123")).toBe(false);
+      expect(isAdminDomainRoute("/p/pretty-name-with-dashes")).toBe(false);
       expect(isAdminDomainRoute("/api/v1/client/test")).toBe(false);
       expect(isAdminDomainRoute("/api/v2/client/other")).toBe(false);
     });
@@ -390,6 +406,7 @@ describe("endpoint-validator", () => {
       test("should allow public routes on public domain", () => {
         expect(isRouteAllowedForDomain("/s/survey123", true)).toBe(true);
         expect(isRouteAllowedForDomain("/c/jwt-token", true)).toBe(true);
+        expect(isRouteAllowedForDomain("/p/pretty123", true)).toBe(true);
         expect(isRouteAllowedForDomain("/api/v1/client/test", true)).toBe(true);
         expect(isRouteAllowedForDomain("/api/v2/client/other", true)).toBe(true);
         expect(isRouteAllowedForDomain("/health", true)).toBe(true);
@@ -426,6 +443,8 @@ describe("endpoint-validator", () => {
         expect(isRouteAllowedForDomain("/s/survey-id-with-dashes", false)).toBe(false);
         expect(isRouteAllowedForDomain("/c/jwt-token", false)).toBe(false);
         expect(isRouteAllowedForDomain("/c/very-long-jwt-token-123", false)).toBe(false);
+        expect(isRouteAllowedForDomain("/p/pretty123", false)).toBe(false);
+        expect(isRouteAllowedForDomain("/p/pretty-name-with-dashes", false)).toBe(false);
         expect(isRouteAllowedForDomain("/api/v1/client/test", false)).toBe(false);
         expect(isRouteAllowedForDomain("/api/v2/client/other", false)).toBe(false);
       });
@@ -440,6 +459,8 @@ describe("endpoint-validator", () => {
       test("should handle paths with query parameters and fragments", () => {
         expect(isRouteAllowedForDomain("/s/survey123?param=value", true)).toBe(true);
         expect(isRouteAllowedForDomain("/s/survey123#section", true)).toBe(true);
+        expect(isRouteAllowedForDomain("/p/pretty123?param=value", true)).toBe(true);
+        expect(isRouteAllowedForDomain("/p/pretty123#section", true)).toBe(true);
         expect(isRouteAllowedForDomain("/environments/123?tab=settings", true)).toBe(false);
         expect(isRouteAllowedForDomain("/environments/123?tab=settings", false)).toBe(true);
       });
@@ -450,6 +471,7 @@ describe("endpoint-validator", () => {
     describe("URL parsing edge cases", () => {
       test("should handle paths with query parameters", () => {
         expect(isPublicDomainRoute("/s/survey123?param=value&other=test")).toBe(true);
+        expect(isPublicDomainRoute("/p/pretty123?param=value&other=test")).toBe(true);
         expect(isPublicDomainRoute("/api/v1/client/test?query=data")).toBe(true);
         expect(isPublicDomainRoute("/environments/123?tab=settings")).toBe(false);
         expect(isAuthProtectedRoute("/environments/123?tab=overview")).toBe(true);
@@ -458,12 +480,14 @@ describe("endpoint-validator", () => {
       test("should handle paths with fragments", () => {
         expect(isPublicDomainRoute("/s/survey123#section")).toBe(true);
         expect(isPublicDomainRoute("/c/jwt-token#top")).toBe(true);
+        expect(isPublicDomainRoute("/p/pretty123#section")).toBe(true);
         expect(isPublicDomainRoute("/environments/123#overview")).toBe(false);
         expect(isAuthProtectedRoute("/organizations/456#settings")).toBe(true);
       });
 
       test("should handle trailing slashes", () => {
         expect(isPublicDomainRoute("/s/survey123/")).toBe(true);
+        expect(isPublicDomainRoute("/p/pretty123/")).toBe(true);
         expect(isPublicDomainRoute("/api/v1/client/test/")).toBe(true);
         expect(isManagementApiRoute("/api/v1/management/test/")).toEqual({
           isManagementApi: true,
@@ -478,6 +502,9 @@ describe("endpoint-validator", () => {
         expect(isPublicDomainRoute("/s/survey123/preview")).toBe(true);
         expect(isPublicDomainRoute("/s/survey123/embed")).toBe(true);
         expect(isPublicDomainRoute("/s/survey123/thank-you")).toBe(true);
+        expect(isPublicDomainRoute("/p/pretty123/preview")).toBe(true);
+        expect(isPublicDomainRoute("/p/pretty123/embed")).toBe(true);
+        expect(isPublicDomainRoute("/p/pretty123/thank-you")).toBe(true);
       });
 
       test("should handle nested client API routes", () => {
@@ -529,6 +556,7 @@ describe("endpoint-validator", () => {
       test("should handle special characters in survey IDs", () => {
         expect(isPublicDomainRoute("/s/survey-123_test.v2")).toBe(true);
         expect(isPublicDomainRoute("/c/jwt.token.with.dots")).toBe(true);
+        expect(isPublicDomainRoute("/p/pretty-123_test.v2")).toBe(true);
       });
     });
 
@@ -536,6 +564,7 @@ describe("endpoint-validator", () => {
       test("should properly validate malicious or injection-like URLs", () => {
         // SQL injection-like attempts
         expect(isPublicDomainRoute("/s/'; DROP TABLE users; --")).toBe(true); // Still valid survey ID format
+        expect(isPublicDomainRoute("/p/'; DROP TABLE users; --")).toBe(true);
         expect(isManagementApiRoute("/api/v1/management/'; DROP TABLE users; --")).toEqual({
           isManagementApi: true,
           authenticationMethod: AuthenticationMethod.ApiKey,
@@ -543,10 +572,12 @@ describe("endpoint-validator", () => {
 
         // Path traversal attempts
         expect(isPublicDomainRoute("/s/../../../etc/passwd")).toBe(true); // Still matches pattern
+        expect(isPublicDomainRoute("/p/../../../etc/passwd")).toBe(true);
         expect(isAuthProtectedRoute("/environments/../../../etc/passwd")).toBe(true);
 
         // XSS-like attempts
         expect(isPublicDomainRoute("/s/<script>alert('xss')</script>")).toBe(true);
+        expect(isPublicDomainRoute("/p/<script>alert('xss')</script>")).toBe(true);
         expect(isClientSideApiRoute("/api/v1/client/<script>alert('xss')</script>")).toEqual({
           isClientSideApi: true,
           isRateLimited: true,
@@ -556,6 +587,7 @@ describe("endpoint-validator", () => {
       test("should handle URL encoding", () => {
         expect(isPublicDomainRoute("/s/survey%20123")).toBe(true);
         expect(isPublicDomainRoute("/c/jwt%2Etoken")).toBe(true);
+        expect(isPublicDomainRoute("/p/pretty%20123")).toBe(true);
         expect(isAuthProtectedRoute("/environments%2F123")).toBe(true);
         expect(isManagementApiRoute("/api/v1/management/test%20route")).toEqual({
           isManagementApi: true,
@@ -591,6 +623,7 @@ describe("endpoint-validator", () => {
         // These should not match due to case sensitivity
         expect(isPublicDomainRoute("/S/survey123")).toBe(false);
         expect(isPublicDomainRoute("/C/jwt-token")).toBe(false);
+        expect(isPublicDomainRoute("/P/pretty123")).toBe(false);
         expect(isClientSideApiRoute("/API/V1/CLIENT/test")).toEqual({
           isClientSideApi: false,
           isRateLimited: true,

apps/web/app/middleware/route-config.ts

@@ -7,6 +7,7 @@ const PUBLIC_ROUTES = {
   SURVEY_ROUTES: [
     /^\/s\/[^/]+/, // /s/[surveyId] - survey pages
     /^\/c\/[^/]+/, // /c/[jwt] - contact survey pages
+    /^\/p\/[^/]+/, // /p/[prettyUrl] - pretty URL pages
   ],
 
   // API routes accessible from public domain

apps/web/i18n.lock

@@ -711,7 +711,12 @@ checksums:
     environments/integrations/google_sheets/link_google_sheet: fa78146ae26ce5b1d2aaf2678f628943
     environments/integrations/google_sheets/link_new_sheet: 8ad2ea8708f50ed184c00b84577b325e
     environments/integrations/google_sheets/no_integrations_yet: ea46f7747937baf48a47a4c1b1776aee
+    environments/integrations/google_sheets/reconnect_button: 8992a0f250278c116cb26be448b68ba2
+    environments/integrations/google_sheets/reconnect_button_description: 851fd2fda57211293090f371d5b2c734
+    environments/integrations/google_sheets/reconnect_button_tooltip: 210dd97470fde8264d2c076db3c98fde
+    environments/integrations/google_sheets/spreadsheet_permission_error: 94f0007a187d3b9a7ab8200fe26aad20
     environments/integrations/google_sheets/spreadsheet_url: b1665f96e6ecce23ea2d9196f4a3e5dd
+    environments/integrations/google_sheets/token_expired_error: 555d34c18c554ec8ac66614f21bd44fc
     environments/integrations/include_created_at: 8011355b13e28e638d74e6f3d68a2bbf
     environments/integrations/include_hidden_fields: 25f0ea5ca1c6ead2cd121f8754cb8d72
     environments/integrations/include_metadata: 750091d965d7cc8d02468b5239816dc5

apps/web/lib/googleSheet/constants.ts

@@ -0,0 +1,6 @@
+/**
+ * Error codes returned by Google Sheets integration.
+ * Use these constants when comparing error responses to avoid typos and enable reuse.
+ */
+export const GOOGLE_SHEET_INTEGRATION_INVALID_GRANT = "invalid_grant";
+export const GOOGLE_SHEET_INTEGRATION_INSUFFICIENT_PERMISSION = "insufficient_permission";

apps/web/lib/googleSheet/service.ts

@@ -2,7 +2,12 @@ import "server-only";
 import { Prisma } from "@prisma/client";
 import { z } from "zod";
 import { ZString } from "@formbricks/types/common";
-import { DatabaseError, UnknownError } from "@formbricks/types/errors";
+import {
+  AuthenticationError,
+  DatabaseError,
+  OperationNotAllowedError,
+  UnknownError,
+} from "@formbricks/types/errors";
 import {
   TIntegrationGoogleSheets,
   ZIntegrationGoogleSheets,
@@ -11,8 +16,12 @@ import {
   GOOGLE_SHEETS_CLIENT_ID,
   GOOGLE_SHEETS_CLIENT_SECRET,
   GOOGLE_SHEETS_REDIRECT_URL,
+  GOOGLE_SHEET_MESSAGE_LIMIT,
 } from "@/lib/constants";
-import { GOOGLE_SHEET_MESSAGE_LIMIT } from "@/lib/constants";
+import {
+  GOOGLE_SHEET_INTEGRATION_INSUFFICIENT_PERMISSION,
+  GOOGLE_SHEET_INTEGRATION_INVALID_GRANT,
+} from "@/lib/googleSheet/constants";
 import { createOrUpdateIntegration } from "@/lib/integration/service";
 import { truncateText } from "../utils/strings";
 import { validateInputs } from "../utils/validate";
@@ -81,6 +90,17 @@ export const writeData = async (
   }
 };
 
+export const validateGoogleSheetsConnection = async (
+  googleSheetIntegrationData: TIntegrationGoogleSheets
+): Promise<void> => {
+  validateInputs([googleSheetIntegrationData, ZIntegrationGoogleSheets]);
+  const integrationData = structuredClone(googleSheetIntegrationData);
+  integrationData.config.data.forEach((data) => {
+    data.createdAt = new Date(data.createdAt);
+  });
+  await authorize(integrationData);
+};
+
 export const getSpreadsheetNameById = async (
   googleSheetIntegrationData: TIntegrationGoogleSheets,
   spreadsheetId: string
@@ -94,7 +114,17 @@ export const getSpreadsheetNameById = async (
     return new Promise((resolve, reject) => {
       sheets.spreadsheets.get({ spreadsheetId }, (err, response) => {
         if (err) {
-          reject(new UnknownError(`Error while fetching spreadsheet data: ${err.message}`));
+          const msg = err.message?.toLowerCase() ?? "";
+          const isPermissionError =
+            msg.includes("permission") ||
+            msg.includes("caller does not have") ||
+            msg.includes("insufficient permission") ||
+            msg.includes("access denied");
+          if (isPermissionError) {
+            reject(new OperationNotAllowedError(GOOGLE_SHEET_INTEGRATION_INSUFFICIENT_PERMISSION));
+          } else {
+            reject(new UnknownError(`Error while fetching spreadsheet data: ${err.message}`));
+          }
           return;
         }
         const spreadsheetTitle = response.data.properties.title;
@@ -109,26 +139,70 @@ export const getSpreadsheetNameById = async (
   }
 };
 
+const isInvalidGrantError = (error: unknown): boolean => {
+  const err = error as { message?: string; response?: { data?: { error?: string } } };
+  return (
+    typeof err?.message === "string" &&
+    err.message.toLowerCase().includes(GOOGLE_SHEET_INTEGRATION_INVALID_GRANT)
+  );
+};
+
+/** Buffer in ms before expiry_date to consider token near-expired (5 minutes). */
+const TOKEN_EXPIRY_BUFFER_MS = 5 * 60 * 1000;
+
+const GOOGLE_TOKENINFO_URL = "https://www.googleapis.com/oauth2/v1/tokeninfo";
+
+/**
+ * Verifies that the access token is still valid and not revoked (e.g. user removed app access).
+ * Returns true if token is valid, false if invalid/revoked.
+ */
+const isAccessTokenValid = async (accessToken: string): Promise<boolean> => {
+  try {
+    const res = await fetch(`${GOOGLE_TOKENINFO_URL}?access_token=${encodeURIComponent(accessToken)}`);
+    return res.ok;
+  } catch {
+    return false;
+  }
+};
+
 const authorize = async (googleSheetIntegrationData: TIntegrationGoogleSheets) => {
   const client_id = GOOGLE_SHEETS_CLIENT_ID;
   const client_secret = GOOGLE_SHEETS_CLIENT_SECRET;
   const redirect_uri = GOOGLE_SHEETS_REDIRECT_URL;
   const oAuth2Client = new google.auth.OAuth2(client_id, client_secret, redirect_uri);
-  const refresh_token = googleSheetIntegrationData.config.key.refresh_token;
-  oAuth2Client.setCredentials({
-    refresh_token,
-  });
-  const { credentials } = await oAuth2Client.refreshAccessToken();
-  await createOrUpdateIntegration(googleSheetIntegrationData.environmentId, {
-    type: "googleSheets",
-    config: {
-      data: googleSheetIntegrationData.config?.data ?? [],
-      email: googleSheetIntegrationData.config?.email ?? "",
-      key: credentials,
-    },
-  });
+  const key = googleSheetIntegrationData.config.key;
 
-  oAuth2Client.setCredentials(credentials);
+  const hasStoredCredentials =
+    key.access_token && key.expiry_date && key.expiry_date > Date.now() + TOKEN_EXPIRY_BUFFER_MS;
 
-  return oAuth2Client;
+  if (hasStoredCredentials && (await isAccessTokenValid(key.access_token))) {
+    oAuth2Client.setCredentials(key);
+    return oAuth2Client;
+  }
+
+  oAuth2Client.setCredentials({ refresh_token: key.refresh_token });
+
+  try {
+    const { credentials } = await oAuth2Client.refreshAccessToken();
+    const mergedCredentials = {
+      ...credentials,
+      refresh_token: credentials.refresh_token ?? key.refresh_token,
+    };
+    await createOrUpdateIntegration(googleSheetIntegrationData.environmentId, {
+      type: "googleSheets",
+      config: {
+        data: googleSheetIntegrationData.config?.data ?? [],
+        email: googleSheetIntegrationData.config?.email ?? "",
+        key: mergedCredentials,
+      },
+    });
+
+    oAuth2Client.setCredentials(mergedCredentials);
+    return oAuth2Client;
+  } catch (error) {
+    if (isInvalidGrantError(error)) {
+      throw new AuthenticationError(GOOGLE_SHEET_INTEGRATION_INVALID_GRANT);
+    }
+    throw error;
+  }
 };

apps/web/locales/de-DE.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Tabelle verlinken",
         "link_new_sheet": "Neues Blatt verknüpfen",
         "no_integrations_yet": "Deine verknüpften Tabellen werden hier angezeigt, sobald Du sie hinzufügst ⏲️",
-        "spreadsheet_url": "Tabellen-URL"
+        "reconnect_button": "Erneut verbinden",
+        "reconnect_button_description": "Deine Google Sheets-Verbindung ist abgelaufen. Bitte verbinde dich erneut, um weiterhin Antworten zu synchronisieren. Deine bestehenden Tabellen-Links und Daten bleiben erhalten.",
+        "reconnect_button_tooltip": "Verbinde die Integration erneut, um deinen Zugriff zu aktualisieren. Deine bestehenden Tabellen-Links und Daten bleiben erhalten.",
+        "spreadsheet_permission_error": "Du hast keine Berechtigung, auf diese Tabelle zuzugreifen. Bitte stelle sicher, dass die Tabelle mit deinem Google-Konto geteilt ist und du Schreibzugriff auf die Tabelle hast.",
+        "spreadsheet_url": "Tabellen-URL",
+        "token_expired_error": "Das Google Sheets-Aktualisierungstoken ist abgelaufen oder wurde widerrufen. Bitte verbinde die Integration erneut."
       },
       "include_created_at": "Erstellungsdatum einbeziehen",
       "include_hidden_fields": "Versteckte Felder (hidden fields) einbeziehen",

apps/web/locales/en-US.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Link Google Sheet",
         "link_new_sheet": "Link new Sheet",
         "no_integrations_yet": "Your google sheet integrations will appear here as soon as you add them. ⏲️",
-        "spreadsheet_url": "Spreadsheet URL"
+        "reconnect_button": "Reconnect",
+        "reconnect_button_description": "Your Google Sheets connection has expired. Please reconnect to continue syncing responses. Your existing spreadsheet links and data will be preserved.",
+        "reconnect_button_tooltip": "Reconnect the integration to refresh your access. Your existing spreadsheet links and data will be preserved.",
+        "spreadsheet_permission_error": "You don't have permission to access this spreadsheet. Please ensure the spreadsheet is shared with your Google account and you have write access to the spreadsheet.",
+        "spreadsheet_url": "Spreadsheet URL",
+        "token_expired_error": "Google Sheets refresh token has expired or been revoked. Please reconnect the integration."
       },
       "include_created_at": "Include Created At",
       "include_hidden_fields": "Include Hidden Fields",

apps/web/locales/es-ES.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Vincular Google Sheet",
         "link_new_sheet": "Vincular nueva hoja",
         "no_integrations_yet": "Tus integraciones de Google Sheet aparecerán aquí tan pronto como las añadas. ⏲️",
-        "spreadsheet_url": "URL de la hoja de cálculo"
+        "reconnect_button": "Reconectar",
+        "reconnect_button_description": "Tu conexión con Google Sheets ha caducado. Reconecta para continuar sincronizando respuestas. Tus enlaces de hojas de cálculo y datos existentes se conservarán.",
+        "reconnect_button_tooltip": "Reconecta la integración para actualizar tu acceso. Tus enlaces de hojas de cálculo y datos existentes se conservarán.",
+        "spreadsheet_permission_error": "No tienes permiso para acceder a esta hoja de cálculo. Asegúrate de que la hoja de cálculo esté compartida con tu cuenta de Google y de que tengas acceso de escritura a la hoja de cálculo.",
+        "spreadsheet_url": "URL de la hoja de cálculo",
+        "token_expired_error": "El token de actualización de Google Sheets ha caducado o ha sido revocado. Reconecta la integración."
       },
       "include_created_at": "Incluir fecha de creación",
       "include_hidden_fields": "Incluir campos ocultos",

apps/web/locales/fr-FR.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Lien Google Sheet",
         "link_new_sheet": "Lier une nouvelle feuille",
         "no_integrations_yet": "Vos intégrations Google Sheets apparaîtront ici dès que vous les ajouterez. ⏲️",
-        "spreadsheet_url": "URL de la feuille de calcul"
+        "reconnect_button": "Reconnecter",
+        "reconnect_button_description": "Votre connexion Google Sheets a expiré. Veuillez vous reconnecter pour continuer à synchroniser les réponses. Vos liens de feuilles de calcul et données existants seront préservés.",
+        "reconnect_button_tooltip": "Reconnectez l'intégration pour actualiser votre accès. Vos liens de feuilles de calcul et données existants seront préservés.",
+        "spreadsheet_permission_error": "Vous n'avez pas la permission d'accéder à cette feuille de calcul. Veuillez vous assurer que la feuille de calcul est partagée avec votre compte Google et que vous disposez d'un accès en écriture.",
+        "spreadsheet_url": "URL de la feuille de calcul",
+        "token_expired_error": "Le jeton d'actualisation Google Sheets a expiré ou a été révoqué. Veuillez reconnecter l'intégration."
       },
       "include_created_at": "Inclure la date de création",
       "include_hidden_fields": "Inclure les champs cachés",

apps/web/locales/hu-HU.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Google Táblázatok összekapcsolása",
         "link_new_sheet": "Új táblázat összekapcsolása",
         "no_integrations_yet": "A Google Táblázatok integrációi itt fognak megjelenni, amint hozzáadja azokat. ⏲️",
-        "spreadsheet_url": "Táblázat URL-e"
+        "reconnect_button": "Újrakapcsolódás",
+        "reconnect_button_description": "A Google Táblázatok kapcsolata lejárt. Kérjük, csatlakozzon újra a válaszok szinkronizálásának folytatásához. A meglévő táblázathivatkozások és adatok megmaradnak.",
+        "reconnect_button_tooltip": "Csatlakoztassa újra az integrációt a hozzáférés frissítéséhez. A meglévő táblázathivatkozások és adatok megmaradnak.",
+        "spreadsheet_permission_error": "Nincs jogosultsága a táblázat eléréséhez. Kérjük, győződjön meg arról, hogy a táblázat meg van osztva a Google-fiókjával, és írási jogosultsággal rendelkezik a táblázathoz.",
+        "spreadsheet_url": "Táblázat URL-e",
+        "token_expired_error": "A Google Táblázatok frissítési tokenje lejárt vagy visszavonásra került. Kérjük, csatlakoztassa újra az integrációt."
       },
       "include_created_at": "Létrehozva felvétele",
       "include_hidden_fields": "Rejtett mezők felvétele",

apps/web/locales/ja-JP.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "スプレッドシートをリンク",
         "link_new_sheet": "新しいシートをリンク",
         "no_integrations_yet": "Google スプレッドシート連携は、追加するとここに表示されます。⏲️",
-        "spreadsheet_url": "スプレッドシートURL"
+        "reconnect_button": "再接続",
+        "reconnect_button_description": "Google Sheetsの接続が期限切れになりました。回答の同期を続けるには再接続してください。既存のスプレッドシートリンクとデータは保持されます。",
+        "reconnect_button_tooltip": "統合を再接続してアクセスを更新します。既存のスプレッドシートリンクとデータは保持されます。",
+        "spreadsheet_permission_error": "このスプレッドシートにアクセスする権限がありません。スプレッドシートがGoogleアカウントと共有されており、書き込みアクセス権があることを確認してください。",
+        "spreadsheet_url": "スプレッドシートURL",
+        "token_expired_error": "Google Sheetsのリフレッシュトークンが期限切れになったか、取り消されました。統合を再接続してください。"
       },
       "include_created_at": "作成日時を含める",
       "include_hidden_fields": "非表示フィールドを含める",

apps/web/locales/nl-NL.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Link Google Spreadsheet",
         "link_new_sheet": "Nieuw blad koppelen",
         "no_integrations_yet": "Uw Google Spreadsheet-integraties verschijnen hier zodra u ze toevoegt. ⏲️",
-        "spreadsheet_url": "Spreadsheet-URL"
+        "reconnect_button": "Maak opnieuw verbinding",
+        "reconnect_button_description": "Je Google Sheets-verbinding is verlopen. Maak opnieuw verbinding om door te gaan met het synchroniseren van antwoorden. Je bestaande spreadsheetlinks en gegevens blijven behouden.",
+        "reconnect_button_tooltip": "Maak opnieuw verbinding met de integratie om je toegang te vernieuwen. Je bestaande spreadsheetlinks en gegevens blijven behouden.",
+        "spreadsheet_permission_error": "Je hebt geen toestemming om deze spreadsheet te openen. Zorg ervoor dat de spreadsheet is gedeeld met je Google-account en dat je schrijftoegang hebt tot de spreadsheet.",
+        "spreadsheet_url": "Spreadsheet-URL",
+        "token_expired_error": "Het vernieuwingstoken van Google Sheets is verlopen of ingetrokken. Maak opnieuw verbinding met de integratie."
       },
       "include_created_at": "Inclusief gemaakt op",
       "include_hidden_fields": "Inclusief verborgen velden",

apps/web/locales/pt-BR.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Link da Planilha do Google",
         "link_new_sheet": "Vincular nova planilha",
         "no_integrations_yet": "Suas integrações do Google Sheets vão aparecer aqui assim que você adicioná-las. ⏲️",
-        "spreadsheet_url": "URL da planilha"
+        "reconnect_button": "Reconectar",
+        "reconnect_button_description": "Sua conexão com o Google Sheets expirou. Reconecte para continuar sincronizando respostas. Seus links de planilhas e dados existentes serão preservados.",
+        "reconnect_button_tooltip": "Reconecte a integração para atualizar seu acesso. Seus links de planilhas e dados existentes serão preservados.",
+        "spreadsheet_permission_error": "Você não tem permissão para acessar esta planilha. Certifique-se de que a planilha está compartilhada com sua conta do Google e que você tem acesso de escrita à planilha.",
+        "spreadsheet_url": "URL da planilha",
+        "token_expired_error": "O token de atualização do Google Sheets expirou ou foi revogado. Reconecte a integração."
       },
       "include_created_at": "Incluir Data de Criação",
       "include_hidden_fields": "Incluir Campos Ocultos",

apps/web/locales/pt-PT.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Ligar Folha do Google",
         "link_new_sheet": "Ligar nova Folha",
         "no_integrations_yet": "As suas integrações com o Google Sheets aparecerão aqui assim que as adicionar. ⏲️",
-        "spreadsheet_url": "URL da folha de cálculo"
+        "reconnect_button": "Reconectar",
+        "reconnect_button_description": "A tua ligação ao Google Sheets expirou. Por favor, reconecta para continuar a sincronizar respostas. As tuas ligações de folhas de cálculo e dados existentes serão preservados.",
+        "reconnect_button_tooltip": "Reconecta a integração para atualizar o teu acesso. As tuas ligações de folhas de cálculo e dados existentes serão preservados.",
+        "spreadsheet_permission_error": "Não tens permissão para aceder a esta folha de cálculo. Por favor, certifica-te de que a folha de cálculo está partilhada com a tua conta Google e que tens acesso de escrita à folha de cálculo.",
+        "spreadsheet_url": "URL da folha de cálculo",
+        "token_expired_error": "O token de atualização do Google Sheets expirou ou foi revogado. Por favor, reconecta a integração."
       },
       "include_created_at": "Incluir Criado Em",
       "include_hidden_fields": "Incluir Campos Ocultos",

apps/web/locales/ro-RO.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Leagă Google Sheet",
         "link_new_sheet": "Leagă un nou Sheet",
         "no_integrations_yet": "Integrațiile tale Google Sheet vor apărea aici de îndată ce le vei adăuga. ⏲️",
-        "spreadsheet_url": "URL foaie de calcul"
+        "reconnect_button": "Reconectează",
+        "reconnect_button_description": "Conexiunea ta cu Google Sheets a expirat. Te rugăm să te reconectezi pentru a continua sincronizarea răspunsurilor. Linkurile și datele existente din foile de calcul vor fi păstrate.",
+        "reconnect_button_tooltip": "Reconectează integrarea pentru a-ți reîmprospăta accesul. Linkurile și datele existente din foile de calcul vor fi păstrate.",
+        "spreadsheet_permission_error": "Nu ai permisiunea de a accesa această foaie de calcul. Asigură-te că foaia de calcul este partajată cu contul tău Google și că ai acces de scriere la aceasta.",
+        "spreadsheet_url": "URL foaie de calcul",
+        "token_expired_error": "Tokenul de reîmprospătare Google Sheets a expirat sau a fost revocat. Te rugăm să reconectezi integrarea."
       },
       "include_created_at": "Include data creării",
       "include_hidden_fields": "Include câmpuri ascunse",

apps/web/locales/ru-RU.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Связать с Google Sheet",
         "link_new_sheet": "Связать с новой таблицей",
         "no_integrations_yet": "Ваши интеграции с Google Sheet появятся здесь, как только вы их добавите. ⏲️",
-        "spreadsheet_url": "URL таблицы"
+        "reconnect_button": "Переподключить",
+        "reconnect_button_description": "Срок действия подключения к Google Sheets истёк. Пожалуйста, переподключись, чтобы продолжить синхронизацию ответов. Все существующие ссылки на таблицы и данные будут сохранены.",
+        "reconnect_button_tooltip": "Переподключи интеграцию, чтобы обновить доступ. Все существующие ссылки на таблицы и данные будут сохранены.",
+        "spreadsheet_permission_error": "У тебя нет доступа к этой таблице. Убедись, что таблица открыта для твоего Google-аккаунта и у тебя есть права на запись.",
+        "spreadsheet_url": "URL таблицы",
+        "token_expired_error": "Срок действия токена обновления Google Sheets истёк или он был отозван. Пожалуйста, переподключи интеграцию."
       },
       "include_created_at": "Включить дату создания",
       "include_hidden_fields": "Включить скрытые поля",

apps/web/locales/sv-SE.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "Länka Google Kalkylark",
         "link_new_sheet": "Länka nytt kalkylark",
         "no_integrations_yet": "Dina Google Kalkylark-integrationer visas här så snart du lägger till dem. ⏲️",
-        "spreadsheet_url": "Kalkylblads-URL"
+        "reconnect_button": "Återanslut",
+        "reconnect_button_description": "Din Google Sheets-anslutning har gått ut. Återanslut för att fortsätta synkronisera svar. Dina befintliga kalkylarkslänkar och data kommer att sparas.",
+        "reconnect_button_tooltip": "Återanslut integrationen för att uppdatera din åtkomst. Dina befintliga kalkylarkslänkar och data kommer att sparas.",
+        "spreadsheet_permission_error": "Du har inte behörighet att komma åt det här kalkylarket. Kontrollera att kalkylarket är delat med ditt Google-konto och att du har skrivrättigheter till kalkylarket.",
+        "spreadsheet_url": "Kalkylblads-URL",
+        "token_expired_error": "Google Sheets refresh token har gått ut eller återkallats. Återanslut integrationen."
       },
       "include_created_at": "Inkludera Skapad vid",
       "include_hidden_fields": "Inkludera dolda fält",

apps/web/locales/zh-Hans-CN.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "链接 Google 表格",
         "link_new_sheet": "链接 新 表格",
         "no_integrations_yet": "您的 Google Sheet 集成会在您 添加 后 出现在这里。 ⏲️",
-        "spreadsheet_url": "电子表格 URL"
+        "reconnect_button": "重新连接",
+        "reconnect_button_description": "你的 Google Sheets 连接已过期。请重新连接以继续同步回复。你现有的表格链接和数据会被保留。",
+        "reconnect_button_tooltip": "重新连接集成以刷新你的访问权限。你现有的表格链接和数据会被保留。",
+        "spreadsheet_permission_error": "你没有权限访问此表格。请确保该表格已与你的 Google 账号共享，并且你拥有该表格的编辑权限。",
+        "spreadsheet_url": "电子表格 URL",
+        "token_expired_error": "Google Sheets 的刷新令牌已过期或被撤销。请重新连接集成。"
       },
       "include_created_at": "包括 创建 于",
       "include_hidden_fields": "包括 隐藏 字段",

apps/web/locales/zh-Hant-TW.json

@@ -752,7 +752,12 @@
         "link_google_sheet": "連結 Google 試算表",
         "link_new_sheet": "連結新試算表",
         "no_integrations_yet": "您的 Google 試算表整合將在您新增後立即顯示在此處。⏲️",
-        "spreadsheet_url": "試算表網址"
+        "reconnect_button": "重新連線",
+        "reconnect_button_description": "你的 Google Sheets 連線已過期。請重新連線以繼續同步回應。你現有的試算表連結和資料都會被保留。",
+        "reconnect_button_tooltip": "重新連線整合以刷新存取權限。你現有的試算表連結和資料都會被保留。",
+        "spreadsheet_permission_error": "你沒有權限存取這個試算表。請確認該試算表已與你的 Google 帳戶分享，且你擁有寫入權限。",
+        "spreadsheet_url": "試算表網址",
+        "token_expired_error": "Google Sheets 的刷新權杖已過期或被撤銷。請重新連線整合。"
       },
       "include_created_at": "包含建立於",
       "include_hidden_fields": "包含隱藏欄位",

apps/web/modules/ee/contacts/lib/attribute-storage.ts

@@ -54,7 +54,6 @@ export const prepareNewSDKAttributeForStorage = (
 };
 
 const handleStringType = (value: TRawValue): TAttributeStorageColumns => {
-  // String type - only use value column
   let stringValue: string;
 
   if (value instanceof Date) {

apps/web/modules/ee/contacts/lib/attributes.test.ts

@@ -437,4 +437,22 @@ describe("updateAttributes", () => {
     expect(result.success).toBe(true);
     expect(result.messages).toContainEqual({ code: "email_or_userid_required", params: {} });
   });
+
+  test("coerces boolean attribute values to strings", async () => {
+    vi.mocked(getContactAttributeKeys).mockResolvedValue(attributeKeys);
+    vi.mocked(getContactAttributes).mockResolvedValue({ name: "Jane", email: "jane@example.com" });
+    vi.mocked(hasEmailAttribute).mockResolvedValue(false);
+    vi.mocked(hasUserIdAttribute).mockResolvedValue(false);
+    vi.mocked(prisma.$transaction).mockResolvedValue(undefined);
+    vi.mocked(prisma.contactAttribute.deleteMany).mockResolvedValue({ count: 0 });
+
+    const attributes = { name: true, email: "john@example.com" };
+    const result = await updateAttributes(contactId, userId, environmentId, attributes);
+
+    expect(result.success).toBe(true);
+    expect(prisma.$transaction).toHaveBeenCalled();
+    const transactionCall = vi.mocked(prisma.$transaction).mock.calls[0][0];
+    // Both name (coerced from boolean) and email should be upserted
+    expect(transactionCall).toHaveLength(2);
+  });
 });

apps/web/modules/ee/contacts/lib/attributes.ts

@@ -130,7 +130,12 @@ export const updateAttributes = async (
   const messages: TAttributeUpdateMessage[] = [];
   const errors: TAttributeUpdateMessage[] = [];
 
-  // Convert email and userId to strings for lookup (they should always be strings, but handle numbers gracefully)
+  // Coerce boolean values to strings (SDK may send booleans for string attributes)
+  const coercedAttributes: Record<string, string | number> = {};
+  for (const [key, value] of Object.entries(contactAttributesParam)) {
+    coercedAttributes[key] = typeof value === "boolean" ? String(value) : value;
+  }
+
   const emailValue =
     contactAttributesParam.email === null || contactAttributesParam.email === undefined
       ? null
@@ -154,7 +159,7 @@ export const updateAttributes = async (
   const userIdExists = !!existingUserIdAttribute;
 
   // Remove email and/or userId from attributes if they already exist on another contact
-  let contactAttributes = { ...contactAttributesParam };
+  let contactAttributes = { ...coercedAttributes };
 
   // Determine what the final email and userId values will be after this update
   // Only consider a value as "submitted" if it was explicitly included in the attributes

docs/self-hosting/configuration/domain-configuration.mdx

@@ -85,6 +85,7 @@ When PUBLIC_URL is configured, the following routes are automatically served fro
 
 - `/s/{surveyId}` - Individual survey access
 - `/c/{jwt}` - Personalized link survey access (JWT-based access)
+- `/p/{survey-slug}` - Pretty URL survey access
 - Embedded survey endpoints
 
 #### API Routes

packages/surveys/src/index.ts

@@ -6,6 +6,52 @@ import { FILE_PICK_EVENT } from "@/lib/constants";
 import { getI18nLanguage } from "@/lib/i18n-utils";
 import { addCustomThemeToDom, addStylesToDom, setStyleNonce } from "@/lib/styles";
 
+// Polyfill for webkit messageHandlers to prevent errors in browsers that don't fully support it
+// (e.g., Instagram's iOS in-app browser). This prevents TypeError when accessing unregistered handlers.
+if (typeof window !== "undefined") {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- WebKit types are not standard
+  const win = window as any;
+
+  // Create a Proxy that safely handles access to potentially undefined message handlers
+  const createMessageHandlersProxy = (originalHandlers: any = {}) => {
+    return new Proxy(originalHandlers, {
+      get(target, prop) {
+        const handler = target[prop as keyof typeof target];
+
+        // If the handler doesn't exist, return a safe mock object with a no-op postMessage
+        if (!handler) {
+          return {
+            postMessage: () => {
+              // Silently ignore - the message handler is not registered in this environment
+              console.debug(`WebKit message handler "${String(prop)}" is not available in this environment`);
+            },
+          };
+        }
+
+        return handler;
+      },
+    });
+  };
+
+  // Handle three scenarios:
+  // 1. window.webkit doesn't exist at all (Instagram iOS browser)
+  // 2. window.webkit exists but messageHandlers doesn't
+  // 3. Both exist but handlers might be missing
+  if (!win.webkit) {
+    // Scenario 1: Create the entire webkit object with proxied messageHandlers
+    win.webkit = {
+      messageHandlers: createMessageHandlersProxy(),
+    };
+  } else if (!win.webkit.messageHandlers) {
+    // Scenario 2: webkit exists but messageHandlers doesn't
+    win.webkit.messageHandlers = createMessageHandlersProxy();
+  } else {
+    // Scenario 3: Both exist, wrap existing messageHandlers with proxy
+    const originalMessageHandlers = win.webkit.messageHandlers;
+    win.webkit.messageHandlers = createMessageHandlersProxy(originalMessageHandlers);
+  }
+}
+
 export const renderSurveyInline = (props: SurveyContainerProps) => {
   const inlineProps: SurveyContainerProps = {
     ...props,

packages/surveys/src/lib/webkit-polyfill.test.ts

@@ -0,0 +1,250 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+
+describe("WebKit messageHandlers polyfill", () => {
+  let originalWebkit: any;
+  let consoleDebugSpy: any;
+
+  beforeEach(() => {
+    // Save the original webkit object if it exists
+    originalWebkit = (window as any).webkit;
+    consoleDebugSpy = vi.spyOn(console, "debug").mockImplementation(() => {});
+  });
+
+  afterEach(() => {
+    // Restore the original webkit object
+    if (originalWebkit) {
+      (window as any).webkit = originalWebkit;
+    } else {
+      delete (window as any).webkit;
+    }
+    consoleDebugSpy.mockRestore();
+  });
+
+  // Helper function to apply the polyfill logic (same as in index.ts)
+  const applyPolyfill = () => {
+    const win = window as any;
+
+    const createMessageHandlersProxy = (originalHandlers: any = {}) => {
+      return new Proxy(originalHandlers, {
+        get(target, prop) {
+          const handler = target[prop as keyof typeof target];
+
+          if (!handler) {
+            return {
+              postMessage: () => {
+                console.debug(
+                  `WebKit message handler "${String(prop)}" is not available in this environment`
+                );
+              },
+            };
+          }
+
+          return handler;
+        },
+      });
+    };
+
+    if (!win.webkit) {
+      win.webkit = {
+        messageHandlers: createMessageHandlersProxy(),
+      };
+    } else if (!win.webkit.messageHandlers) {
+      win.webkit.messageHandlers = createMessageHandlersProxy();
+    } else {
+      const originalMessageHandlers = win.webkit.messageHandlers;
+      win.webkit.messageHandlers = createMessageHandlersProxy(originalMessageHandlers);
+    }
+  };
+
+  describe("Scenario 1: window.webkit does not exist (Instagram iOS browser)", () => {
+    it("should create window.webkit with proxied messageHandlers", () => {
+      // Setup: Remove webkit completely
+      delete (window as any).webkit;
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test: webkit should now exist
+      expect((window as any).webkit).toBeDefined();
+      expect((window as any).webkit.messageHandlers).toBeDefined();
+    });
+
+    it("should not throw when accessing undefined messageHandlers", () => {
+      // Setup
+      delete (window as any).webkit;
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test: Accessing an undefined handler should not throw
+      expect(() => {
+        (window as any).webkit.messageHandlers.undefinedHandler.postMessage("test");
+      }).not.toThrow();
+
+      // Verify console.debug was called
+      expect(consoleDebugSpy).toHaveBeenCalledWith(
+        'WebKit message handler "undefinedHandler" is not available in this environment'
+      );
+    });
+
+    it("should handle multiple undefined handlers without throwing", () => {
+      // Setup
+      delete (window as any).webkit;
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test: Multiple undefined handlers should not throw
+      expect(() => {
+        (window as any).webkit.messageHandlers.handler1.postMessage("test1");
+        (window as any).webkit.messageHandlers.handler2.postMessage("test2");
+        (window as any).webkit.messageHandlers.handler3.postMessage("test3");
+      }).not.toThrow();
+
+      expect(consoleDebugSpy).toHaveBeenCalledTimes(3);
+    });
+  });
+
+  describe("Scenario 2: window.webkit exists but messageHandlers does not", () => {
+    it("should add proxied messageHandlers to existing webkit", () => {
+      // Setup: Create webkit without messageHandlers
+      (window as any).webkit = {};
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test: messageHandlers should now exist
+      expect((window as any).webkit.messageHandlers).toBeDefined();
+    });
+
+    it("should not throw when accessing undefined handlers", () => {
+      // Setup
+      (window as any).webkit = {};
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test
+      expect(() => {
+        (window as any).webkit.messageHandlers.someHandler.postMessage("test");
+      }).not.toThrow();
+
+      expect(consoleDebugSpy).toHaveBeenCalledWith(
+        'WebKit message handler "someHandler" is not available in this environment'
+      );
+    });
+  });
+
+  describe("Scenario 3: Both webkit and messageHandlers exist", () => {
+    it("should preserve existing handlers while proxying new ones", () => {
+      // Setup: Create a webkit object with a real handler
+      const mockPostMessage = vi.fn();
+      (window as any).webkit = {
+        messageHandlers: {
+          existingHandler: {
+            postMessage: mockPostMessage,
+          },
+        },
+      };
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test: Existing handler should still work
+      (window as any).webkit.messageHandlers.existingHandler.postMessage("test message");
+      expect(mockPostMessage).toHaveBeenCalledWith("test message");
+
+      // Test: Undefined handler should not throw
+      expect(() => {
+        (window as any).webkit.messageHandlers.undefinedHandler.postMessage("test");
+      }).not.toThrow();
+
+      expect(consoleDebugSpy).toHaveBeenCalledWith(
+        'WebKit message handler "undefinedHandler" is not available in this environment'
+      );
+    });
+
+    it("should work with multiple existing handlers", () => {
+      // Setup
+      const mockPostMessage1 = vi.fn();
+      const mockPostMessage2 = vi.fn();
+      (window as any).webkit = {
+        messageHandlers: {
+          handler1: {
+            postMessage: mockPostMessage1,
+          },
+          handler2: {
+            postMessage: mockPostMessage2,
+          },
+        },
+      };
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test: All existing handlers should work
+      (window as any).webkit.messageHandlers.handler1.postMessage("msg1");
+      (window as any).webkit.messageHandlers.handler2.postMessage("msg2");
+
+      expect(mockPostMessage1).toHaveBeenCalledWith("msg1");
+      expect(mockPostMessage2).toHaveBeenCalledWith("msg2");
+
+      // Test: Undefined handlers should not throw
+      expect(() => {
+        (window as any).webkit.messageHandlers.handler3.postMessage("msg3");
+      }).not.toThrow();
+    });
+  });
+
+  describe("Edge cases", () => {
+    it("should handle messageHandlers with empty object", () => {
+      // Setup
+      (window as any).webkit = {
+        messageHandlers: {},
+      };
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test
+      expect(() => {
+        (window as any).webkit.messageHandlers.anyHandler.postMessage("test");
+      }).not.toThrow();
+    });
+
+    it("should handle messageHandlers with null prototype", () => {
+      // Setup
+      (window as any).webkit = {
+        messageHandlers: Object.create(null),
+      };
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test
+      expect(() => {
+        (window as any).webkit.messageHandlers.handler.postMessage("test");
+      }).not.toThrow();
+    });
+
+    it("should not interfere with handler methods other than postMessage", () => {
+      // Setup
+      const customMethod = vi.fn();
+      (window as any).webkit = {
+        messageHandlers: {
+          customHandler: {
+            postMessage: vi.fn(),
+            customMethod,
+          },
+        },
+      };
+
+      // Apply polyfill
+      applyPolyfill();
+
+      // Test: Custom methods should still be accessible
+      (window as any).webkit.messageHandlers.customHandler.customMethod("test");
+      expect(customMethod).toHaveBeenCalledWith("test");
+    });
+  });
+});

packages/types/contact-attribute.ts

@@ -16,5 +16,5 @@ export type TContactAttribute = z.infer<typeof ZContactAttribute>;
 export const ZContactAttributes = z.record(z.string());
 export type TContactAttributes = z.infer<typeof ZContactAttributes>;
 
-export const ZContactAttributesInput = z.record(z.union([z.string(), z.number()]));
+export const ZContactAttributesInput = z.record(z.union([z.string(), z.number(), z.boolean()]));
 export type TContactAttributesInput = z.infer<typeof ZContactAttributesInput>;