Skip to content

fix: add shapeshift api csp for widget#93

Merged
0xApotheosis merged 1 commit intodevelopfrom
fix-add-shapeshift-api-csp
Jan 27, 2026
Merged

fix: add shapeshift api csp for widget#93
0xApotheosis merged 1 commit intodevelopfrom
fix-add-shapeshift-api-csp

Conversation

@firebomb1
Copy link
Collaborator

@firebomb1 firebomb1 commented Jan 27, 2026
edited by coderabbitai bot
Loading

This adds the new URL of the ShapeShift API endpoint to the connect-src context in the CSP. Certain browsers when using ads/script blocking extensions do respect this policy stricly and it prevents them to fetch quotes (Firefox with uMatrix/uBlock).

Chances are this was already an issue before #90, but nobody noticed 😅

Summary by CodeRabbit

  • Chores
    • Updated security policy configuration to allow connectivity with an additional API endpoint.

✏️ Tip: You can customize this high-level summary in your review settings.

@firebomb1 firebomb1 self-assigned this Jan 27, 2026
@vercel
Copy link

vercel bot commented Jan 27, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
website-frontend Ready Ready Preview, Comment Jan 27, 2026 1:51pm

Request Review

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 27, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The CSP header configuration in middleware.ts was updated to include an additional origin (https://api.thorchain.shapeshift.com) in the connect-src directive. No functional logic or control flow was altered.

Changes

Cohort / File(s) Summary
CSP Header Configuration
middleware.ts		 Added https://api.thorchain.shapeshift.com to the connect-src directive in the Content Security Policy header

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Suggested reviewers

  • 0xApotheosis

Poem

🐰 A rabbit whispers through the net,
A new origin, no regrets!
Thorchain speaks, we shall allow,
Security policies take a bow! 🔐✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: adding a ShapeShift API endpoint to CSP for the widget, which directly matches the changeset's primary modification.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix-add-shapeshift-api-csp

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

0xApotheosis
0xApotheosis approved these changes Jan 27, 2026
View reviewed changes
Copy link
Member

@0xApotheosis 0xApotheosis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@0xApotheosis 0xApotheosis merged commit a598b26 into develop Jan 27, 2026
4 checks passed
@0xApotheosis 0xApotheosis deleted the fix-add-shapeshift-api-csp branch January 27, 2026 23:40
@0xApotheosis 0xApotheosis mentioned this pull request Jan 27, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0xApotheosis 0xApotheosis 0xApotheosis approved these changes

Assignees

@firebomb1 firebomb1

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@firebomb1 @0xApotheosis