update csp (#703)

BeanstalkFarms · Nov 30, 2023 · 7d668b9 · 7d668b9
2 parents 5b42a9a + 5a76023
commit 7d668b9
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 78 deletions.
diff --git a/projects/ui/index.html b/projects/ui/index.html
@@ -26,9 +26,6 @@
     <meta name="twitter:image:alt" content="Beanstalk logo.">
     <meta name="twitter:site" content="@BeanstalkFarms">
     <%- csp %>
-    <% if (process.env.NODE_ENV === 'production') { %>
-      <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-KGLM87W');</script>
-    <% } %>
     <link rel="icon" href="/favicon.ico" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta name="theme-color" content="#000000" />
@@ -47,7 +44,6 @@
   </head>
   <body>
     <noscript>You need to enable JavaScript to run this app.</noscript>
-    <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-KGLM87W" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
     <div id="app"></div>
     <script type="module" src="/src/index.tsx"></script>
   </body>

diff --git a/projects/ui/src/components/Governance/GovernanceSpaces.tsx b/projects/ui/src/components/Governance/GovernanceSpaces.tsx
@@ -32,13 +32,18 @@ const GovernanceSpaces: React.FC<{}> = () => {
   const filterBySpace = useCallback(
     (t: number) => {
       if (!loading && data?.proposals) {
-        console.log("dataproposals: ", data.proposals)
         return data.proposals.filter(
-          (p) => p !== null && p?.space?.id === SNAPSHOT_SPACES[t] && (
-            (p.title.startsWith("BIP") || p.title.startsWith("BOP")) && p.space.id === "beanstalkdao.eth" || 
-            (p.title.startsWith("Temp-Check") || p.title.startsWith("BFCP")) && p.space.id === "beanstalkfarms.eth" || 
-            p.title.startsWith("BSP") && p.space.id === "wearebeansprout.eth" || 
-            p.title.startsWith("BNP") && p.space.id === "beanft.eth")
+          (p) =>
+            p !== null &&
+            p?.space?.id === SNAPSHOT_SPACES[t] &&
+            (((p.title.startsWith('BIP') || p.title.startsWith('BOP')) &&
+              p.space.id === 'beanstalkdao.eth') ||
+              ((p.title.startsWith('Temp-Check') ||
+                p.title.startsWith('BFCP')) &&
+                p.space.id === 'beanstalkfarms.eth') ||
+              (p.title.startsWith('BSP') &&
+                p.space.id === 'wearebeansprout.eth') ||
+              (p.title.startsWith('BNP') && p.space.id === 'beanft.eth'))
         ) as Proposal[];
       }
       return [];

diff --git a/projects/ui/vite.config.ts b/projects/ui/vite.config.ts
@@ -13,20 +13,19 @@ type CSPData = {
   'style-src': string[];
   'script-src': string[];
   'img-src': string[];
-}
+  'frame-src': string[];
+};
 
 function buildCSP(data: CSPData) {
-  return Object.keys(data).map(
-    (key) => `${key} ${data[key].join(' ')}`
-  ).join(';');
+  return Object.keys(data)
+    .map((key) => `${key} ${data[key].join(' ')}`)
+    .join(';');
 }
 
 const CSP = buildCSP({
-  'default-src': [
-    '\'self\''
-  ],
+  'default-src': ["'self'"],
   'connect-src': [
-    '\'self\'',
+    "'self'",
     '*.alchemyapi.io', // Alchemy RPC
     '*.alchemy.com', // Alchemy RPC
     'https://cloudflare-eth.com', // Cloudflare RPC
@@ -44,82 +43,88 @@ const CSP = buildCSP({
     '*.doubleclick.net',
   ],
   'style-src': [
-    '\'self\'',
-    '\'unsafe-inline\'' // Required for Emotion
+    "'self'",
+    "'unsafe-inline'", // Required for Emotion
   ],
   'script-src': [
-    '\'self\'',
+    "'self'",
     '*.google-analytics.com',
     '*.googletagmanager.com',
-    '\'sha256-D0XQFeW9gcWWp4NGlqN0xpmiObsjqCewnVFeAsys7qM=\'' // GA inline script
+    "'sha256-D0XQFeW9gcWWp4NGlqN0xpmiObsjqCewnVFeAsys7qM='", // GA inline script
   ],
   'img-src': [
-    '\'self\'',
+    "'self'",
     '*.githubusercontent.com', // Github imgaes included in gov proposals
     'https://*.arweave.net', // Arweave images included in gov proposals
     'https://arweave.net', // Arweave images included in gov proposals
     '*.walletconnect.com', // WalletConnect wallet viewer
     'data:', // Wallet connectors use data-uri QR codes
     'https://ipfs.io/', // BeaNFT images
-    'https://cf-ipfs.com/', // Gov proposal images
+    'https://cf-ipfs.com/', // Gov proposal images,
+    'https://*.ipfs.cf-ipfs.com/',
   ],
+  'frame-src': ['https://verify.walletconnect.com/'], // for walletconnect
 });
 
 // https://vitejs.dev/config/
-export default defineConfig(({ command, mode }) => ({
-  test: {
-    globals: true,
-  },
-  server: {
-    hmr: {
-      overlay: true
-    }
-  },
-  plugins: [
-    react({
-      // This definition ensures that the `css` prop from Emotion 
-      // works at build time. The one in tsconfig.json ensures that
-      // the IDE doesn't throw errors when using the prop.
-      jsxImportSource: '@emotion/react',
-    }),
-    createHtmlPlugin({
-      minify: true,
-      inject: {
-        data: {
-          csp: (process.env.NODE_ENV === 'production' && !process.env.DISABLE_CSP)
-            ? `<meta http-equiv="Content-Security-Policy" content="${CSP}" />`
-            : ''
-        }
-      }
-    }),
-    splitVendorChunkPlugin(),
-    (process.env.NODE_ENV === 'production') &&
-      analyze({ limit: 10 }),
-    (process.env.NODE_ENV === 'production') && 
-      removeHTMLAttributes({
-        include: ['**/*.tsx', '**/*.jsx'],
-        attributes: ['data-cy'],
-        exclude: 'node_modules'
-      })
-  ],
-  resolve: {
-    alias: [
-      {
-        find: '~',
-        replacement: path.resolve(__dirname, 'src')
+export default defineConfig(
+  ({ command, mode }) =>
+    ({
+      test: {
+        globals: true,
+      },
+      server: {
+        hmr: {
+          overlay: true,
+        },
       },
-    ],
-  },
-  build: {
-    sourcemap: command === 'serve',
-    reportCompressedSize: true,
-    rollupOptions: {
       plugins: [
-        strip({
-          functions: ['console.debug'],
-          include: '**/*.(ts|tsx)',
+        react({
+          // This definition ensures that the `css` prop from Emotion
+          // works at build time. The one in tsconfig.json ensures that
+          // the IDE doesn't throw errors when using the prop.
+          jsxImportSource: '@emotion/react',
         }),
-      ]
-    }
-  }
-} as UserConfig));
+        createHtmlPlugin({
+          minify: true,
+          inject: {
+            data: {
+              csp:
+                process.env.NODE_ENV === 'production' &&
+                !process.env.DISABLE_CSP
+                  ? `<meta http-equiv="Content-Security-Policy" content="${CSP}" />`
+                  : '',
+            },
+          },
+        }),
+        splitVendorChunkPlugin(),
+        process.env.NODE_ENV === 'production' && analyze({ limit: 10 }),
+        process.env.NODE_ENV === 'production' &&
+          removeHTMLAttributes({
+            include: ['**/*.tsx', '**/*.jsx'],
+            attributes: ['data-cy'],
+            exclude: 'node_modules',
+          }),
+      ],
+      resolve: {
+        alias: [
+          {
+            find: '~',
+            replacement: path.resolve(__dirname, 'src'),
+          },
+        ],
+      },
+      build: {
+        sourcemap: command === 'serve',
+        reportCompressedSize: true,
+        rollupOptions: {
+          plugins: [
+            strip({
+              functions: ['console.debug'],
+              include: '**/*.(ts|tsx)',
+            }),
+          ],
+        },
+      },
+    } as UserConfig)
+);