fix(frontend): fix CSP header

Author: zensh

src/ic_message_frontend/package.json

@@ -85,5 +85,5 @@
     "test": "vitest run"
   },
   "type": "module",
-  "version": "2.13.2"
+  "version": "2.13.3"
 }

src/ic_message_frontend/src/lib/constants.ts

@@ -1,6 +1,6 @@
 const src = globalThis.location?.href || ''
 
-export const APP_VERSION = '2.13.2'
+export const APP_VERSION = '2.13.3'
 export const IS_LOCAL = src.includes('localhost') || src.includes('127.0.0.1')
 export const ENV = IS_LOCAL ? 'local' : 'ic'
 export const APP_ORIGIN = IS_LOCAL

src/ic_message_frontend/static/.ic-assets.json

@@ -15,7 +15,7 @@
         "match": "**/*",
         "security_policy": "standard",
         "headers": {
-            "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self' https://pbs.twimg.com https://*.icp0.io data: blob:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src *;object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
+            "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io https://api.icpswap.com;img-src 'self' https://pbs.twimg.com https://*.icp0.io data: blob:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src *;object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
             "Permissions-Policy": "autoplay=*, camera=*, cross-origin-isolated=*, display-capture=*, encrypted-media=*, fullscreen=*, keyboard-map=*, microphone=*, payment=*, picture-in-picture=*, clipboard-read=*, clipboard-write=*",
             "X-Frame-Options": "DENY",
             "Referrer-Policy": "same-origin",

src/ic_panda_frontend/package.json

@@ -78,5 +78,5 @@
     "test": "vitest run"
   },
   "type": "module",
-  "version": "2.13.2"
+  "version": "2.13.3"
 }

src/ic_panda_frontend/src/lib/constants.ts

@@ -1,6 +1,6 @@
 const src = globalThis.location?.href || ''
 
-export const APP_VERSION = '2.13.2'
+export const APP_VERSION = '2.13.3'
 export const IS_LOCAL = src.includes('localhost') || src.includes('127.0.0.1')
 export const ENV = IS_LOCAL ? 'local' : 'ic'
 export const APP_ORIGIN = IS_LOCAL

src/ic_panda_frontend/static/.ic-assets.json

@@ -15,7 +15,7 @@
         "match": "**/*",
         "security_policy": "standard",
         "headers": {
-            "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io https://*.panda.fans;img-src 'self' https://pbs.twimg.com https://*.icp0.io data: blob:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src *;object-src 'none';base-uri 'self';frame-ancestors 'none';frame-src;form-action 'self';upgrade-insecure-requests;",
+            "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io https://api.icpswap.com https://*.panda.fans;img-src 'self' https://pbs.twimg.com https://*.icp0.io data: blob:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src *;object-src 'none';base-uri 'self';frame-ancestors 'none';frame-src;form-action 'self';upgrade-insecure-requests;",
             "Permissions-Policy": "autoplay=*, camera=*, cross-origin-isolated=*, display-capture=*, encrypted-media=*, fullscreen=*, keyboard-map=*, microphone=*, payment=*, picture-in-picture=*, clipboard-read=*, clipboard-write=*",
             "X-Frame-Options": "DENY",
             "Referrer-Policy": "same-origin",