@berachain/config 0.1.13 → 0.1.15-beta.1

package/dist/internal/header-sources.cjs

@@ -1,16 +1,288 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }var _chunkJYSZ2GU3cjs = require('../chunk-JYSZ2GU3.cjs');var _chunkDUO7UEQDcjs = require('../chunk-DUO7UEQD.cjs');var _chunk7BJPOGJ3cjs = require('../chunk-7BJPOGJ3.cjs');require('../chunk-XBV7BAIE.cjs');require('../chunk-TQ67UFXV.cjs');var _chunk276AZYTLcjs = require('../chunk-276AZYTL.cjs');var _chunk3KQLFIHTcjs = require('../chunk-3KQLFIHT.cjs');require('../chunk-2OLL4MUY.cjs');require('../chunk-4VDLQK6F.cjs');function v({dsn:t=process.env.NEXT_PUBLIC_SENTRY_DSN}={}){if(!t)return;let n=/^(?:https:\/\/)([A-z0-9]{32})(?::{0,1})([A-z0-9]*)(?:@)(o[a-z0-9]+)(?:\.ingest\.us\.sentry\.io)\/([0-9]{16})/i,e=_optionalChain([t, 'optionalAccess', _ => _.match, 'call', _2 => _2(n)]);if(!e)return;let[,s,r,o,a]=e,c=new URL(`https://${o}.ingest.us.sentry.io/api/${a}/security/?sentry_key=${s}`);return c.searchParams.set("sentry_key",s),c.searchParams.set("sentry_env",_chunkJYSZ2GU3cjs.a),c.searchParams.set("sentry_release",_chunkJYSZ2GU3cjs.c),{dsn:e[0],projectId:a,deprecatedSecret:r||void 0,cspEndpoint:c,org:o,publicKey:e[1]}}function N({isDevelopment:t,nonce:n,cspReporting:e,...s}){let r=[],o=_chunk7BJPOGJ3cjs.a[_chunk3KQLFIHTcjs.a],a=["https://*.sentry.io/","https://*.berachain.com/","https://*.berachain-staging.com/","wss://www.walletlink.org/rpc","https://*.thirdweb.com/","https://raw.githubusercontent.com/berachain/metadata/",_chunk276AZYTLcjs.a,"https://*.quiknode.pro","https://beranames-assets-berachain.s3.eu-central-003.backblazeb2.com/",_chunk276AZYTLcjs.b,o.pol.bribeBoostApi,_chunkDUO7UEQDcjs.a.call(void 0, o.api),_chunk276AZYTLcjs.e,_chunk276AZYTLcjs.d,_chunk276AZYTLcjs.f,"https://open-api.openocean.finance/","https://api.haiku.trade/","https://api.fly.trade/",`${o.bex.aggregatorsProxyUrl}/`,"wss://relay.walletconnect.com/","wss://relay.walletconnect.org/","https://verify.walletconnect.org/v3/public-key","https://api.routescan.io/v2/network/","wss://metamask-sdk.api.cx.metamask.io/socket.io/","https://metamask-sdk.api.cx.metamask.io","https://app.dynamicauth.com/api","https://www.walletlink.org/events","https://api.trongrid.io/","https://api-mainnet.layerzero-scan.com/","https://api-testnet.layerzero-scan.com/","https://chain-proxy.wallet.coinbase.com/","https://wallet.binance.com/tonbridge/","https://*.thirdweb.com/","https://eth.merkle.io/","https://cdn.whisk.so/","https://*.posthog.com","https://vercel.live","wss://ws-us3.pusher.com","https://cdn.markfi.xyz/scripts/analytics/","https://a.markfi.xyz/","https://hermes.pyth.network/v2/","https://rpc.porto.sh","https://api.avax.network/ext/bc/C/rpc","https://polygon-rpc.com","https://mainnet.optimism.io/","https://arb1.arbitrum.io/rpc","wss://www.walletlink.org/rpc","https://eth.merkle.io","https://mainnet.base.org/","https://api.enso.finance/","wss://www.walletlink.org/rpc",_chunkDUO7UEQDcjs.a.call(void 0, o.backend)].concat(_nullishCoalesce(s.connectionSources, () => ([]))).filter(i=>{if(!i)return!1;let p=_chunkDUO7UEQDcjs.a.call(void 0, i);return!(!p||p.trim()===""||p.startsWith(_chunk276AZYTLcjs.b)&&p!==_chunk276AZYTLcjs.b)}),c=[_chunk276AZYTLcjs.a,"https://raw.githubusercontent.com/berachain/metadata/","https://assets.coingecko.com/coins/images/","https://coin-images.coingecko.com/coins/images/","https://beranames-assets-berachain.s3.eu-central-003.backblazeb2.com/","https://icons.llama.fi/","https://icons.llamao.fi/","https://static.debank.com/","https://cdn.whisk.so/","https://cdn.morpho.org/","https://raw.githubusercontent.com/trustwallet/assets/","https://pelaguswallet.io/docs/img","https://*.posthog.com","https://vercel.live","https://vercel.com"].concat(_nullishCoalesce(s.pictureSources, () => ([]))).filter(i=>!(!i||i.trim()==="")),S=["https://verify.walletconnect.com/","https://verify.walletconnect.org/","https://embedded-wallet.thirdweb.com/","https://*.posthog.com","https://vercel.live/","https://id.porto.sh"].concat(_nullishCoalesce(s.frameSources, () => ([]))),x=["https://cdn.jsdelivr.net/npm/@fontsource/","https://*.posthog.com","https://vercel.live","https://assets.vercel.com","https://fonts.gstatic.com","https://use.typekit.net/"].concat(_nullishCoalesce(s.fontSources, () => ([]))),$=["https://*.posthog.com","https://vercel.live"].concat(_nullishCoalesce(s.styleSources, () => ([]))),u=`
-    default-src 'self' ${r.join(" ")};
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
+
+
+var _chunkONKAV4AGcjs = require('../chunk-ONKAV4AG.cjs');
+
+
+var _chunkYT7WZDGIcjs = require('../chunk-YT7WZDGI.cjs');
+
+
+var _chunkJZA34W4Gcjs = require('../chunk-JZA34W4G.cjs');
+require('../chunk-3XMRQ4AF.cjs');
+require('../chunk-AMUU2OH4.cjs');
+
+
+
+
+
+
+var _chunkWRTYGXJMcjs = require('../chunk-WRTYGXJM.cjs');
+
+
+var _chunkADH7F47Tcjs = require('../chunk-ADH7F47T.cjs');
+require('../chunk-EYYJ2UZT.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+// src/internal/sentry/getSentryKeys.ts
+function getSentryKeys({
+  dsn = process.env.NEXT_PUBLIC_SENTRY_DSN
+} = {}) {
+  if (!dsn) {
+    return void 0;
+  }
+  const re = /^(?:https:\/\/)([A-z0-9]{32})(?::{0,1})([A-z0-9]*)(?:@)(o[a-z0-9]+)(?:\.ingest\.us\.sentry\.io)\/([0-9]{16})/i;
+  const match = _optionalChain([dsn, 'optionalAccess', _ => _.match, 'call', _2 => _2(re)]);
+  if (!match) {
+    return void 0;
+  }
+  const [
+    ,
+    key,
+    // this is a secret stored in a deprecated dns format
+    deprecatedSecret,
+    org,
+    projectId
+  ] = match;
+  const cspEndpoint = new URL(
+    `https://${org}.ingest.us.sentry.io/api/${projectId}/security/?sentry_key=${key}`
+  );
+  cspEndpoint.searchParams.set("sentry_key", key);
+  cspEndpoint.searchParams.set("sentry_env", _chunkONKAV4AGcjs.sentryEnvironment);
+  cspEndpoint.searchParams.set("sentry_release", _chunkONKAV4AGcjs.sentryRelease);
+  return {
+    dsn: match[0],
+    projectId,
+    deprecatedSecret: deprecatedSecret || void 0,
+    cspEndpoint,
+    org,
+    publicKey: match[1]
+  };
+}
+
+// src/internal/header-sources.ts
+function getContentSecurityPolicy({
+  isDevelopment,
+  nonce,
+  cspReporting,
+  ...args
+}) {
+  const defaultSrc = [];
+  const config = _chunkJZA34W4Gcjs.chainConfigs[_chunkADH7F47Tcjs.defaultChainId];
+  const connectionSources = [
+    // csp reporting
+    "https://*.sentry.io/",
+    "https://*.berachain.com/",
+    "https://*.berachain-staging.com/",
+    "wss://www.walletlink.org/rpc",
+    "https://*.thirdweb.com/",
+    "https://raw.githubusercontent.com/berachain/metadata/",
+    _chunkWRTYGXJMcjs.imageBaseUrl,
+    // QUICKNODE RPCs
+    "https://*.quiknode.pro",
+    // Beranames avatar
+    "https://beranames-assets-berachain.s3.eu-central-003.backblazeb2.com/",
+    _chunkWRTYGXJMcjs.goldskyBaseUrl,
+    // Subgraph queries are served by same-origin typed REST endpoints under
+    // /api/honey/* and /api/pol/* (covered by 'self'), not direct browser
+    // requests to the upstream URLs.
+    config.pol.bribeBoostApi,
+    _chunkYT7WZDGIcjs.getUriFromLink.call(void 0, config.api),
+    _chunkWRTYGXJMcjs.jsonRpcUrl,
+    _chunkWRTYGXJMcjs.publicJsonRpcUrl,
+    _chunkWRTYGXJMcjs.alchemyJsonRpcUrl,
+    "https://open-api.openocean.finance/",
+    "https://api.haiku.trade/",
+    "https://api.fly.trade/",
+    `${config.bex.aggregatorsProxyUrl}/`,
+    "wss://relay.walletconnect.com/",
+    "wss://relay.walletconnect.org/",
+    "https://verify.walletconnect.org/v3/public-key",
+    "https://api.routescan.io/v2/network/",
+    "wss://metamask-sdk.api.cx.metamask.io/socket.io/",
+    "https://metamask-sdk.api.cx.metamask.io",
+    "https://app.dynamicauth.com/api",
+    "https://www.walletlink.org/events",
+    "https://api.trongrid.io/",
+    "https://api-mainnet.layerzero-scan.com/",
+    "https://api-testnet.layerzero-scan.com/",
+    "https://chain-proxy.wallet.coinbase.com/",
+    "https://wallet.binance.com/tonbridge/",
+    "https://*.thirdweb.com/",
+    "https://eth.merkle.io/",
+    "https://cdn.whisk.so/",
+    // use to fetch tokens
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live",
+    "wss://ws-us3.pusher.com",
+    // COOKIE3
+    "https://cdn.markfi.xyz/scripts/analytics/",
+    "https://a.markfi.xyz/",
+    // PYTH
+    "https://hermes.pyth.network/v2/",
+    // PORTO WALLET
+    "https://rpc.porto.sh",
+    // external rpc urls
+    "https://api.avax.network/ext/bc/C/rpc",
+    "https://polygon-rpc.com",
+    "https://mainnet.optimism.io/",
+    "https://arb1.arbitrum.io/rpc",
+    "wss://www.walletlink.org/rpc",
+    "https://eth.merkle.io",
+    "https://mainnet.base.org/",
+    // enso api
+    "https://api.enso.finance/",
+    "wss://www.walletlink.org/rpc",
+    // backend
+    _chunkYT7WZDGIcjs.getUriFromLink.call(void 0, config.backend)
+  ].concat(_nullishCoalesce(args.connectionSources, () => ( []))).filter((link) => {
+    if (!link) {
+      return false;
+    }
+    const url = _chunkYT7WZDGIcjs.getUriFromLink.call(void 0, link);
+    if (!url || url.trim() === "") {
+      return false;
+    }
+    if (url.startsWith(_chunkWRTYGXJMcjs.goldskyBaseUrl) && url !== _chunkWRTYGXJMcjs.goldskyBaseUrl) {
+      return false;
+    }
+    return true;
+  });
+  const pictureSources = [
+    _chunkWRTYGXJMcjs.imageBaseUrl,
+    "https://raw.githubusercontent.com/berachain/metadata/",
+    "https://assets.coingecko.com/coins/images/",
+    "https://coin-images.coingecko.com/coins/images/",
+    "https://beranames-assets-berachain.s3.eu-central-003.backblazeb2.com/",
+    "https://icons.llama.fi/",
+    "https://icons.llamao.fi/",
+    "https://static.debank.com/",
+    "https://cdn.whisk.so/",
+    // bend
+    "https://cdn.morpho.org/",
+    // bend
+    "https://raw.githubusercontent.com/trustwallet/assets/",
+    // bend
+    "https://pelaguswallet.io/docs/img",
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live",
+    "https://vercel.com"
+  ].concat(_nullishCoalesce(args.pictureSources, () => ( []))).filter((url) => {
+    if (!url || url.trim() === "") {
+      return false;
+    }
+    return true;
+  });
+  const frameSources = [
+    "https://verify.walletconnect.com/",
+    "https://verify.walletconnect.org/",
+    // thirdweb export pk iframe
+    "https://embedded-wallet.thirdweb.com/",
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live/",
+    // PORTO WALLET
+    "https://id.porto.sh"
+  ].concat(_nullishCoalesce(args.frameSources, () => ( [])));
+  const fontSources = [
+    "https://cdn.jsdelivr.net/npm/@fontsource/",
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live",
+    "https://assets.vercel.com",
+    // collected by sentry (need by browsers extensions)
+    "https://fonts.gstatic.com",
+    "https://use.typekit.net/"
+  ].concat(_nullishCoalesce(args.fontSources, () => ( [])));
+  const styleSources = [
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live"
+  ].concat(_nullishCoalesce(args.styleSources, () => ( [])));
+  let cspHeader = `
+    default-src 'self' ${defaultSrc.join(" ")};
     base-uri 'self';
-    frame-src 'self' ${S.join(" ")};
+    frame-src 'self' ${frameSources.join(" ")};
     frame-ancestors 'self' https://*.posthog.com;
-    script-src 'self' 'sha256-k2HGvaYkGyYZxOwKGxgE1mr06tZEDcEXNZ5mdcldK0o=' 'nonce-${n}' https://*.posthog.com 'strict-dynamic' ${t?"'unsafe-eval'":""};
+    script-src 'self' 'sha256-k2HGvaYkGyYZxOwKGxgE1mr06tZEDcEXNZ5mdcldK0o=' 'nonce-${nonce}' https://*.posthog.com 'strict-dynamic' ${isDevelopment ? "'unsafe-eval'" : ""};
     worker-src 'self' blob: data:;
-    font-src 'self' ${x.join(" ")};
-    style-src 'self' ${$.join(" ")} 'unsafe-inline';
-    img-src 'self' data: ${c.join(" ")};
-    connect-src 'self' ${a.join(" ")};
+    font-src 'self' ${fontSources.join(" ")};
+    style-src 'self' ${styleSources.join(" ")} 'unsafe-inline';
+    img-src 'self' data: ${pictureSources.join(" ")};
+    connect-src 'self' ${connectionSources.join(" ")};
     media-src https://*.posthog.com;
-  `;return e&&(u+=`
-    report-uri ${e};
+  `;
+  if (cspReporting) {
+    cspHeader += `
+    report-uri ${cspReporting};
     report-to csp-endpoint;
-    `),u.replace(/\s{2,}/g," ").trim()}var C=[_chunk276AZYTLcjs.a,"https://raw.githubusercontent.com/berachain/metadata/","https://assets.coingecko.com/coins/images/","https://berachain.ghost.io/content/images/"].filter(t=>!(!t||t.trim()===""));function P({response:t}){let n=_optionalChain([v, 'call', _3 => _3(), 'optionalAccess', _4 => _4.cspEndpoint]),e=Buffer.from(crypto.randomUUID()).toString("base64"),s=process.env.NODE_ENV==="development",r=[{key:"Content-Security-Policy",value:N({isDevelopment:s,cspReporting:_optionalChain([n, 'optionalAccess', _5 => _5.toString, 'call', _6 => _6()]),nonce:e})},{key:"X-Frame-Options",value:"DENY"},{key:"X-Content-Type-Options",value:"nosniff"},{key:"X-Nonce",value:e}];n&&(r.push({key:"Reporting-To",value:`{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"${n}"}],"include_subdomains":true}"`}),r.push({key:"Reporting-Endpoints",value:`csp-endpoint="${n}"`}));for(let o of r)t.headers.set(o.key,o.value);return t}exports.cspMiddleware = P; exports.getContentSecurityPolicy = N; exports.staticPictureSources = C;
+    `;
+  }
+  return cspHeader.replace(/\s{2,}/g, " ").trim();
+}
+var staticPictureSources = [
+  // Only add image delivery URL if it exists and can be processed
+  _chunkWRTYGXJMcjs.imageBaseUrl,
+  "https://raw.githubusercontent.com/berachain/metadata/",
+  "https://assets.coingecko.com/coins/images/",
+  "https://berachain.ghost.io/content/images/"
+].filter((url) => {
+  if (!url || url.trim() === "") {
+    return false;
+  }
+  return true;
+});
+function cspMiddleware({
+  response
+}) {
+  const sentryCspEndpoint = _optionalChain([getSentryKeys, 'call', _3 => _3(), 'optionalAccess', _4 => _4.cspEndpoint]);
+  const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
+  const isDevelopment = process.env.NODE_ENV === "development";
+  const headers = [
+    {
+      key: "Content-Security-Policy",
+      value: getContentSecurityPolicy({
+        isDevelopment,
+        cspReporting: _optionalChain([sentryCspEndpoint, 'optionalAccess', _5 => _5.toString, 'call', _6 => _6()]),
+        nonce
+      })
+    },
+    {
+      key: "X-Frame-Options",
+      value: "DENY"
+    },
+    {
+      key: "X-Content-Type-Options",
+      value: "nosniff"
+    },
+    {
+      key: "X-Nonce",
+      value: nonce
+    }
+  ];
+  if (sentryCspEndpoint) {
+    headers.push({
+      key: "Reporting-To",
+      value: `{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"${sentryCspEndpoint}"}],"include_subdomains":true}"`
+    });
+    headers.push({
+      key: "Reporting-Endpoints",
+      value: `csp-endpoint="${sentryCspEndpoint}"`
+    });
+  }
+  for (const header of headers) {
+    response.headers.set(header.key, header.value);
+  }
+  return response;
+}
+
+
+
+
+exports.cspMiddleware = cspMiddleware; exports.getContentSecurityPolicy = getContentSecurityPolicy; exports.staticPictureSources = staticPictureSources;

package/dist/internal/header-sources.mjs

@@ -1,16 +1,288 @@
-import{a as k,c as b}from"../chunk-DL645PXT.mjs";import{a as m}from"../chunk-O243TIHY.mjs";import{a as w}from"../chunk-ZA2X4K7Z.mjs";import"../chunk-JW76KOHH.mjs";import"../chunk-VWV244JK.mjs";import{a as l,b as h,d as g,e as d,f as y}from"../chunk-4EBBM3AH.mjs";import{a as f}from"../chunk-S2A3Z34I.mjs";import"../chunk-MS6UGFXI.mjs";import"../chunk-JZXLCA2E.mjs";function v({dsn:t=process.env.NEXT_PUBLIC_SENTRY_DSN}={}){if(!t)return;let n=/^(?:https:\/\/)([A-z0-9]{32})(?::{0,1})([A-z0-9]*)(?:@)(o[a-z0-9]+)(?:\.ingest\.us\.sentry\.io)\/([0-9]{16})/i,e=t?.match(n);if(!e)return;let[,s,r,o,a]=e,c=new URL(`https://${o}.ingest.us.sentry.io/api/${a}/security/?sentry_key=${s}`);return c.searchParams.set("sentry_key",s),c.searchParams.set("sentry_env",k),c.searchParams.set("sentry_release",b),{dsn:e[0],projectId:a,deprecatedSecret:r||void 0,cspEndpoint:c,org:o,publicKey:e[1]}}function N({isDevelopment:t,nonce:n,cspReporting:e,...s}){let r=[],o=w[f],a=["https://*.sentry.io/","https://*.berachain.com/","https://*.berachain-staging.com/","wss://www.walletlink.org/rpc","https://*.thirdweb.com/","https://raw.githubusercontent.com/berachain/metadata/",l,"https://*.quiknode.pro","https://beranames-assets-berachain.s3.eu-central-003.backblazeb2.com/",h,o.pol.bribeBoostApi,m(o.api),d,g,y,"https://open-api.openocean.finance/","https://api.haiku.trade/","https://api.fly.trade/",`${o.bex.aggregatorsProxyUrl}/`,"wss://relay.walletconnect.com/","wss://relay.walletconnect.org/","https://verify.walletconnect.org/v3/public-key","https://api.routescan.io/v2/network/","wss://metamask-sdk.api.cx.metamask.io/socket.io/","https://metamask-sdk.api.cx.metamask.io","https://app.dynamicauth.com/api","https://www.walletlink.org/events","https://api.trongrid.io/","https://api-mainnet.layerzero-scan.com/","https://api-testnet.layerzero-scan.com/","https://chain-proxy.wallet.coinbase.com/","https://wallet.binance.com/tonbridge/","https://*.thirdweb.com/","https://eth.merkle.io/","https://cdn.whisk.so/","https://*.posthog.com","https://vercel.live","wss://ws-us3.pusher.com","https://cdn.markfi.xyz/scripts/analytics/","https://a.markfi.xyz/","https://hermes.pyth.network/v2/","https://rpc.porto.sh","https://api.avax.network/ext/bc/C/rpc","https://polygon-rpc.com","https://mainnet.optimism.io/","https://arb1.arbitrum.io/rpc","wss://www.walletlink.org/rpc","https://eth.merkle.io","https://mainnet.base.org/","https://api.enso.finance/","wss://www.walletlink.org/rpc",m(o.backend)].concat(s.connectionSources??[]).filter(i=>{if(!i)return!1;let p=m(i);return!(!p||p.trim()===""||p.startsWith(h)&&p!==h)}),c=[l,"https://raw.githubusercontent.com/berachain/metadata/","https://assets.coingecko.com/coins/images/","https://coin-images.coingecko.com/coins/images/","https://beranames-assets-berachain.s3.eu-central-003.backblazeb2.com/","https://icons.llama.fi/","https://icons.llamao.fi/","https://static.debank.com/","https://cdn.whisk.so/","https://cdn.morpho.org/","https://raw.githubusercontent.com/trustwallet/assets/","https://pelaguswallet.io/docs/img","https://*.posthog.com","https://vercel.live","https://vercel.com"].concat(s.pictureSources??[]).filter(i=>!(!i||i.trim()==="")),S=["https://verify.walletconnect.com/","https://verify.walletconnect.org/","https://embedded-wallet.thirdweb.com/","https://*.posthog.com","https://vercel.live/","https://id.porto.sh"].concat(s.frameSources??[]),x=["https://cdn.jsdelivr.net/npm/@fontsource/","https://*.posthog.com","https://vercel.live","https://assets.vercel.com","https://fonts.gstatic.com","https://use.typekit.net/"].concat(s.fontSources??[]),$=["https://*.posthog.com","https://vercel.live"].concat(s.styleSources??[]),u=`
-    default-src 'self' ${r.join(" ")};
+import {
+  sentryEnvironment,
+  sentryRelease
+} from "../chunk-3K6IUX3G.mjs";
+import {
+  getUriFromLink
+} from "../chunk-LALEUPWL.mjs";
+import {
+  chainConfigs
+} from "../chunk-KYJQS3T5.mjs";
+import "../chunk-SWEAJ6OD.mjs";
+import "../chunk-JHPXZOPW.mjs";
+import {
+  alchemyJsonRpcUrl,
+  goldskyBaseUrl,
+  imageBaseUrl,
+  jsonRpcUrl,
+  publicJsonRpcUrl
+} from "../chunk-BM46XQJA.mjs";
+import {
+  defaultChainId
+} from "../chunk-CAOMAWN5.mjs";
+import "../chunk-KJXYSGNH.mjs";
+import "../chunk-7P6ASYW6.mjs";
+
+// src/internal/sentry/getSentryKeys.ts
+function getSentryKeys({
+  dsn = process.env.NEXT_PUBLIC_SENTRY_DSN
+} = {}) {
+  if (!dsn) {
+    return void 0;
+  }
+  const re = /^(?:https:\/\/)([A-z0-9]{32})(?::{0,1})([A-z0-9]*)(?:@)(o[a-z0-9]+)(?:\.ingest\.us\.sentry\.io)\/([0-9]{16})/i;
+  const match = dsn?.match(re);
+  if (!match) {
+    return void 0;
+  }
+  const [
+    ,
+    key,
+    // this is a secret stored in a deprecated dns format
+    deprecatedSecret,
+    org,
+    projectId
+  ] = match;
+  const cspEndpoint = new URL(
+    `https://${org}.ingest.us.sentry.io/api/${projectId}/security/?sentry_key=${key}`
+  );
+  cspEndpoint.searchParams.set("sentry_key", key);
+  cspEndpoint.searchParams.set("sentry_env", sentryEnvironment);
+  cspEndpoint.searchParams.set("sentry_release", sentryRelease);
+  return {
+    dsn: match[0],
+    projectId,
+    deprecatedSecret: deprecatedSecret || void 0,
+    cspEndpoint,
+    org,
+    publicKey: match[1]
+  };
+}
+
+// src/internal/header-sources.ts
+function getContentSecurityPolicy({
+  isDevelopment,
+  nonce,
+  cspReporting,
+  ...args
+}) {
+  const defaultSrc = [];
+  const config = chainConfigs[defaultChainId];
+  const connectionSources = [
+    // csp reporting
+    "https://*.sentry.io/",
+    "https://*.berachain.com/",
+    "https://*.berachain-staging.com/",
+    "wss://www.walletlink.org/rpc",
+    "https://*.thirdweb.com/",
+    "https://raw.githubusercontent.com/berachain/metadata/",
+    imageBaseUrl,
+    // QUICKNODE RPCs
+    "https://*.quiknode.pro",
+    // Beranames avatar
+    "https://beranames-assets-berachain.s3.eu-central-003.backblazeb2.com/",
+    goldskyBaseUrl,
+    // Subgraph queries are served by same-origin typed REST endpoints under
+    // /api/honey/* and /api/pol/* (covered by 'self'), not direct browser
+    // requests to the upstream URLs.
+    config.pol.bribeBoostApi,
+    getUriFromLink(config.api),
+    jsonRpcUrl,
+    publicJsonRpcUrl,
+    alchemyJsonRpcUrl,
+    "https://open-api.openocean.finance/",
+    "https://api.haiku.trade/",
+    "https://api.fly.trade/",
+    `${config.bex.aggregatorsProxyUrl}/`,
+    "wss://relay.walletconnect.com/",
+    "wss://relay.walletconnect.org/",
+    "https://verify.walletconnect.org/v3/public-key",
+    "https://api.routescan.io/v2/network/",
+    "wss://metamask-sdk.api.cx.metamask.io/socket.io/",
+    "https://metamask-sdk.api.cx.metamask.io",
+    "https://app.dynamicauth.com/api",
+    "https://www.walletlink.org/events",
+    "https://api.trongrid.io/",
+    "https://api-mainnet.layerzero-scan.com/",
+    "https://api-testnet.layerzero-scan.com/",
+    "https://chain-proxy.wallet.coinbase.com/",
+    "https://wallet.binance.com/tonbridge/",
+    "https://*.thirdweb.com/",
+    "https://eth.merkle.io/",
+    "https://cdn.whisk.so/",
+    // use to fetch tokens
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live",
+    "wss://ws-us3.pusher.com",
+    // COOKIE3
+    "https://cdn.markfi.xyz/scripts/analytics/",
+    "https://a.markfi.xyz/",
+    // PYTH
+    "https://hermes.pyth.network/v2/",
+    // PORTO WALLET
+    "https://rpc.porto.sh",
+    // external rpc urls
+    "https://api.avax.network/ext/bc/C/rpc",
+    "https://polygon-rpc.com",
+    "https://mainnet.optimism.io/",
+    "https://arb1.arbitrum.io/rpc",
+    "wss://www.walletlink.org/rpc",
+    "https://eth.merkle.io",
+    "https://mainnet.base.org/",
+    // enso api
+    "https://api.enso.finance/",
+    "wss://www.walletlink.org/rpc",
+    // backend
+    getUriFromLink(config.backend)
+  ].concat(args.connectionSources ?? []).filter((link) => {
+    if (!link) {
+      return false;
+    }
+    const url = getUriFromLink(link);
+    if (!url || url.trim() === "") {
+      return false;
+    }
+    if (url.startsWith(goldskyBaseUrl) && url !== goldskyBaseUrl) {
+      return false;
+    }
+    return true;
+  });
+  const pictureSources = [
+    imageBaseUrl,
+    "https://raw.githubusercontent.com/berachain/metadata/",
+    "https://assets.coingecko.com/coins/images/",
+    "https://coin-images.coingecko.com/coins/images/",
+    "https://beranames-assets-berachain.s3.eu-central-003.backblazeb2.com/",
+    "https://icons.llama.fi/",
+    "https://icons.llamao.fi/",
+    "https://static.debank.com/",
+    "https://cdn.whisk.so/",
+    // bend
+    "https://cdn.morpho.org/",
+    // bend
+    "https://raw.githubusercontent.com/trustwallet/assets/",
+    // bend
+    "https://pelaguswallet.io/docs/img",
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live",
+    "https://vercel.com"
+  ].concat(args.pictureSources ?? []).filter((url) => {
+    if (!url || url.trim() === "") {
+      return false;
+    }
+    return true;
+  });
+  const frameSources = [
+    "https://verify.walletconnect.com/",
+    "https://verify.walletconnect.org/",
+    // thirdweb export pk iframe
+    "https://embedded-wallet.thirdweb.com/",
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live/",
+    // PORTO WALLET
+    "https://id.porto.sh"
+  ].concat(args.frameSources ?? []);
+  const fontSources = [
+    "https://cdn.jsdelivr.net/npm/@fontsource/",
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live",
+    "https://assets.vercel.com",
+    // collected by sentry (need by browsers extensions)
+    "https://fonts.gstatic.com",
+    "https://use.typekit.net/"
+  ].concat(args.fontSources ?? []);
+  const styleSources = [
+    // POSTHOG TOOLBAR
+    "https://*.posthog.com",
+    // VERCEL TOOLBAR
+    "https://vercel.live"
+  ].concat(args.styleSources ?? []);
+  let cspHeader = `
+    default-src 'self' ${defaultSrc.join(" ")};
     base-uri 'self';
-    frame-src 'self' ${S.join(" ")};
+    frame-src 'self' ${frameSources.join(" ")};
     frame-ancestors 'self' https://*.posthog.com;
-    script-src 'self' 'sha256-k2HGvaYkGyYZxOwKGxgE1mr06tZEDcEXNZ5mdcldK0o=' 'nonce-${n}' https://*.posthog.com 'strict-dynamic' ${t?"'unsafe-eval'":""};
+    script-src 'self' 'sha256-k2HGvaYkGyYZxOwKGxgE1mr06tZEDcEXNZ5mdcldK0o=' 'nonce-${nonce}' https://*.posthog.com 'strict-dynamic' ${isDevelopment ? "'unsafe-eval'" : ""};
     worker-src 'self' blob: data:;
-    font-src 'self' ${x.join(" ")};
-    style-src 'self' ${$.join(" ")} 'unsafe-inline';
-    img-src 'self' data: ${c.join(" ")};
-    connect-src 'self' ${a.join(" ")};
+    font-src 'self' ${fontSources.join(" ")};
+    style-src 'self' ${styleSources.join(" ")} 'unsafe-inline';
+    img-src 'self' data: ${pictureSources.join(" ")};
+    connect-src 'self' ${connectionSources.join(" ")};
     media-src https://*.posthog.com;
-  `;return e&&(u+=`
-    report-uri ${e};
+  `;
+  if (cspReporting) {
+    cspHeader += `
+    report-uri ${cspReporting};
     report-to csp-endpoint;
-    `),u.replace(/\s{2,}/g," ").trim()}var C=[l,"https://raw.githubusercontent.com/berachain/metadata/","https://assets.coingecko.com/coins/images/","https://berachain.ghost.io/content/images/"].filter(t=>!(!t||t.trim()===""));function P({response:t}){let n=v()?.cspEndpoint,e=Buffer.from(crypto.randomUUID()).toString("base64"),s=process.env.NODE_ENV==="development",r=[{key:"Content-Security-Policy",value:N({isDevelopment:s,cspReporting:n?.toString(),nonce:e})},{key:"X-Frame-Options",value:"DENY"},{key:"X-Content-Type-Options",value:"nosniff"},{key:"X-Nonce",value:e}];n&&(r.push({key:"Reporting-To",value:`{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"${n}"}],"include_subdomains":true}"`}),r.push({key:"Reporting-Endpoints",value:`csp-endpoint="${n}"`}));for(let o of r)t.headers.set(o.key,o.value);return t}export{P as cspMiddleware,N as getContentSecurityPolicy,C as staticPictureSources};
+    `;
+  }
+  return cspHeader.replace(/\s{2,}/g, " ").trim();
+}
+var staticPictureSources = [
+  // Only add image delivery URL if it exists and can be processed
+  imageBaseUrl,
+  "https://raw.githubusercontent.com/berachain/metadata/",
+  "https://assets.coingecko.com/coins/images/",
+  "https://berachain.ghost.io/content/images/"
+].filter((url) => {
+  if (!url || url.trim() === "") {
+    return false;
+  }
+  return true;
+});
+function cspMiddleware({
+  response
+}) {
+  const sentryCspEndpoint = getSentryKeys()?.cspEndpoint;
+  const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
+  const isDevelopment = process.env.NODE_ENV === "development";
+  const headers = [
+    {
+      key: "Content-Security-Policy",
+      value: getContentSecurityPolicy({
+        isDevelopment,
+        cspReporting: sentryCspEndpoint?.toString(),
+        nonce
+      })
+    },
+    {
+      key: "X-Frame-Options",
+      value: "DENY"
+    },
+    {
+      key: "X-Content-Type-Options",
+      value: "nosniff"
+    },
+    {
+      key: "X-Nonce",
+      value: nonce
+    }
+  ];
+  if (sentryCspEndpoint) {
+    headers.push({
+      key: "Reporting-To",
+      value: `{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"${sentryCspEndpoint}"}],"include_subdomains":true}"`
+    });
+    headers.push({
+      key: "Reporting-Endpoints",
+      value: `csp-endpoint="${sentryCspEndpoint}"`
+    });
+  }
+  for (const header of headers) {
+    response.headers.set(header.key, header.value);
+  }
+  return response;
+}
+export {
+  cspMiddleware,
+  getContentSecurityPolicy,
+  staticPictureSources
+};

package/dist/internal/index.cjs

@@ -1 +1,40 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true});var _chunk7BJPOGJ3cjs = require('../chunk-7BJPOGJ3.cjs');require('../chunk-XBV7BAIE.cjs');require('../chunk-TQ67UFXV.cjs');var _chunk276AZYTLcjs = require('../chunk-276AZYTL.cjs');var _chunk3KQLFIHTcjs = require('../chunk-3KQLFIHT.cjs');var _chunk2OLL4MUYcjs = require('../chunk-2OLL4MUY.cjs');require('../chunk-4VDLQK6F.cjs');exports.ChainId = _chunk2OLL4MUYcjs.a; exports.alchemyJsonRpcUrl = _chunk276AZYTLcjs.f; exports.appConfig = _chunk7BJPOGJ3cjs.b; exports.chainConfigs = _chunk7BJPOGJ3cjs.a; exports.chainId = _chunk3KQLFIHTcjs.a; exports.config = _chunk7BJPOGJ3cjs.c; exports.currentDapp = _chunk3KQLFIHTcjs.f; exports.defaultChainId = _chunk3KQLFIHTcjs.a; exports.getRpcUrls = _chunk276AZYTLcjs.c; exports.goldskyBaseUrl = _chunk276AZYTLcjs.b; exports.imageBaseUrl = _chunk276AZYTLcjs.a; exports.jsonRpcUrl = _chunk276AZYTLcjs.e; exports.privateRcpUrl = _chunk276AZYTLcjs.g; exports.publicJsonRpcUrl = _chunk276AZYTLcjs.d;
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+
+
+var _chunkJZA34W4Gcjs = require('../chunk-JZA34W4G.cjs');
+require('../chunk-3XMRQ4AF.cjs');
+require('../chunk-AMUU2OH4.cjs');
+
+
+
+
+
+
+
+
+var _chunkWRTYGXJMcjs = require('../chunk-WRTYGXJM.cjs');
+
+
+
+var _chunkADH7F47Tcjs = require('../chunk-ADH7F47T.cjs');
+
+
+var _chunkEYYJ2UZTcjs = require('../chunk-EYYJ2UZT.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+exports.ChainId = _chunkEYYJ2UZTcjs.ChainId; exports.alchemyJsonRpcUrl = _chunkWRTYGXJMcjs.alchemyJsonRpcUrl; exports.appConfig = _chunkJZA34W4Gcjs.appConfig; exports.chainConfigs = _chunkJZA34W4Gcjs.chainConfigs; exports.chainId = _chunkADH7F47Tcjs.defaultChainId; exports.config = _chunkJZA34W4Gcjs.config; exports.currentDapp = _chunkADH7F47Tcjs.currentDapp; exports.defaultChainId = _chunkADH7F47Tcjs.defaultChainId; exports.getRpcUrls = _chunkWRTYGXJMcjs.getRpcUrls; exports.goldskyBaseUrl = _chunkWRTYGXJMcjs.goldskyBaseUrl; exports.imageBaseUrl = _chunkWRTYGXJMcjs.imageBaseUrl; exports.jsonRpcUrl = _chunkWRTYGXJMcjs.jsonRpcUrl; exports.privateRcpUrl = _chunkWRTYGXJMcjs.privateRcpUrl; exports.publicJsonRpcUrl = _chunkWRTYGXJMcjs.publicJsonRpcUrl;