From f70e25551b2293aa3613bc1c131b5b8890fa6b93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Olav?= Date: Mon, 27 Jan 2025 14:17:25 +0100 Subject: [PATCH 1/2] clients/faucet: debug why cors fails --- clients/bitwindow/lib/pages/root_page.dart | 1 - clients/bitwindow/lib/pages/sidechains_page.dart | 15 ++++++++++----- clients/faucet/lib/api/api.dart | 12 +++++++----- clients/sail_ui/assets/svgs/icon_format.svg | 4 ++++ clients/sail_ui/lib/widgets/core/sail_svg.dart | 4 ++++ 5 files changed, 25 insertions(+), 11 deletions(-) create mode 100644 clients/sail_ui/assets/svgs/icon_format.svg diff --git a/clients/bitwindow/lib/pages/root_page.dart b/clients/bitwindow/lib/pages/root_page.dart index 9f4d6a64..2e703905 100644 --- a/clients/bitwindow/lib/pages/root_page.dart +++ b/clients/bitwindow/lib/pages/root_page.dart @@ -63,7 +63,6 @@ class RootPage extends StatelessWidget { label: 'Sidechains', active: tabsRouter.activeIndex == 2, onTap: () => tabsRouter.setActiveIndex(2), - end: true, ), QtTab( icon: SailSVGAsset.iconLearn, diff --git a/clients/bitwindow/lib/pages/sidechains_page.dart b/clients/bitwindow/lib/pages/sidechains_page.dart index 3a8ea01a..db8af587 100644 --- a/clients/bitwindow/lib/pages/sidechains_page.dart +++ b/clients/bitwindow/lib/pages/sidechains_page.dart @@ -347,6 +347,11 @@ class SidechainsViewModel extends BaseViewModel { notifyListeners(); } + void formatAddress() { + addressController.text = formatDepositAddress(addressController.text, _selectedIndex ?? 254); + notifyListeners(); + } + void deposit(BuildContext context) async { if (double.tryParse(depositAmountController.text) == null) { showSnackBar(context, 'Invalid amount, enter a number'); 
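Review bot: In `formatAddress` (sidechains_page.dart, hunk at -347), the fallback `_selectedIndex ?? 254` silently formats the address for slot 254 when no sidechain is selected, so a user can end up with a deposit address for a sidechain they did not choose. `formatDepositAddress` is not visible in this patch, so it is unclear whether 254 is a sentinel or a real slot. Either way it would be safer to return early when nothing is selected, e.g. `if (_selectedIndex == null) return;`, and to give the constant a name if it is intentional. The method would also benefit from a short doc comment stating which address format it produces.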
@@ -456,11 +461,11 @@ class MakeDepositsView extends ViewModelWidget { ), ), QtIconButton( - tooltip: 'Clear', - onPressed: viewModel.clearAddress, - icon: Icon( - Icons.cancel_outlined, - size: 20.0, + tooltip: 'Format Deposit Address', + onPressed: viewModel.formatAddress, + icon: SailSVG.fromAsset( + SailSVGAsset.iconFormat, + width: 20, color: context.sailTheme.colors.text, ), ), diff --git a/clients/faucet/lib/api/api.dart b/clients/faucet/lib/api/api.dart index b18957a0..0baa4590 100644 --- a/clients/faucet/lib/api/api.dart +++ b/clients/faucet/lib/api/api.dart @@ -19,11 +19,13 @@ class APILive extends API { @override CallOptions createOptions() { - final timeout = Duration( - seconds: 3, - ); + final timeout = Duration(seconds: 3); final providers = [ - (metadata, uri) async {}, + (metadata, uri) async { + // Add any headers needed for CORS + metadata['Origin'] = 'https://${Environment.apiHost}'; + metadata['Accept-Encoding'] = 'gzip'; + }, ]; try { return getCallOptions( @@ -33,7 +35,7 @@ class APILive extends API { } catch (error) { log.e('could not create callOptions: ${error.toString()}'); return CallOptions(); - } finally {} + } } } diff --git a/clients/sail_ui/assets/svgs/icon_format.svg b/clients/sail_ui/assets/svgs/icon_format.svg new file mode 100644 index 00000000..c9b6aeed --- /dev/null +++ b/clients/sail_ui/assets/svgs/icon_format.svg @@ -0,0 +1,4 @@ + + + \ No newline at end of file diff --git a/clients/sail_ui/lib/widgets/core/sail_svg.dart b/clients/sail_ui/lib/widgets/core/sail_svg.dart index 027699b6..c3ed4307 100644 --- a/clients/sail_ui/lib/widgets/core/sail_svg.dart +++ b/clients/sail_ui/lib/widgets/core/sail_svg.dart @@ -31,6 +31,7 @@ enum SailSVGAsset { iconDropdown, iconDeposit, iconWithdraw, + iconFormat, iconHome, iconSend, 
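Review bot: The metadata provider added in `createOptions` (api.dart, hunk at -19) sets `Origin` and `Accept-Encoding`, which are forbidden request headers in browsers. The browser sets them itself and does not accept values supplied by script, so these two lines cannot change the CORS outcome on web. The value is also built from `Environment.apiHost` rather than the page's own origin, so a non-browser client would send an Origin that does not describe the caller. I would revert to the empty provider `(metadata, uri) async {},` or, if the lines stay for debugging, replace the comment with `// Debug only: browsers override Origin and Accept-Encoding`.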
@@ -187,6 +188,9 @@ extension AsAssetPath on SailSVGAsset { case SailSVGAsset.iconWithdraw: return 'assets/svgs/icon_withdraw.svg'; + case SailSVGAsset.iconFormat: + return 'assets/svgs/icon_format.svg'; + case SailSVGAsset.iconHome: return 'assets/svgs/icon_home.svg'; case SailSVGAsset.iconSend: From af75db6eb0ba118d9048295e1c7ecf4e0d07d0bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Olav?= Date: Mon, 27 Jan 2025 14:17:47 +0100 Subject: [PATCH 2/2] faucet/server: fuck cors --- servers/faucet/server/server.go | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/servers/faucet/server/server.go b/servers/faucet/server/server.go index 0628c416..a3461b66 100644 --- a/servers/faucet/server/server.go +++ b/servers/faucet/server/server.go @@ -55,8 +55,14 @@ type Server struct { } func (s *Server) Handler(ctx context.Context) http.Handler { - handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Add CSP header + w.Header().Set("Content-Security-Policy", + "default-src 'self'; "+ + "connect-src 'self' ws: wss: http: https:; "+ + "script-src 'self' 'wasm-unsafe-eval' 'unsafe-eval'; "+ // Allow eval for gRPC-web + "style-src 'self' 'unsafe-inline'") + // If the body is completely empty, replace it with the // empty object. This makes it possible to send requests // without a body, without getting a cryptic error. 
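Review bot: The Content-Security-Policy set at the top of the handler func in `Handler` (server.go, hunk at -55) is permissive enough to add little protection: `connect-src 'self' ws: wss: http: https:` allows connections to any host, and `'unsafe-eval'` in `script-src` re-enables string evaluation. If WebAssembly compilation is the only need, `'wasm-unsafe-eval'` alone covers it: `"script-src 'self' 'wasm-unsafe-eval'; "+`. The header is set on every response from this handler, which from the surrounding lines looks like an API mux. If no HTML is served here, a policy such as `default-src 'none'` would be the safer baseline. The handler body continues outside the hunk.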
@@ -66,27 +72,27 @@ func (s *Server) Handler(ctx context.Context) http.Handler { corsHandler := cors.New(cors.Options{ AllowedOrigins: []string{ - "https://drivechain.live", + "*", // For development. In production, specify exact origins }, AllowedMethods: []string{"GET", "POST", "DELETE", "OPTIONS", "PATCH"}, AllowedHeaders: []string{ - "Connect-Protocol-Version", "Content-Type", "Connect-Protocol-Version", "Content-Type", "Accept", - - "Connect-Accept-Encoding", "Connect-Content-Encoding", - "Grpc-Timeout", - - "X-Grpc-Web", "X-User-Agent", - "Access-Control-Allow-Origin", + "Connect-Protocol-Version", "Content-Type", "Connect-Protocol-Version", + "Content-Type", "Accept", "Connect-Accept-Encoding", + "Connect-Content-Encoding", "Grpc-Timeout", "X-Grpc-Web", + "X-User-Agent", "Access-Control-Allow-Origin", "Access-Control-Request-Headers", + "Content-Security-Policy", // Allow CSP header + "Origin", // Important for CORS preflight + "Accept-Encoding", // Allow compression negotiation }, ExposedHeaders: []string{ - "Content-Encoding", - "Connect-Content-Encoding", - "Grpc-Status", - "Grpc-Message", + "Content-Encoding", "Connect-Content-Encoding", + "Grpc-Status", "Grpc-Message", "Access-Control-Allow-Origin", "Access-Control-Request-Headers", + "Content-Security-Policy", // Expose CSP header }, + AllowCredentials: true, // Allow credentials }) withCORS := corsHandler.Handler(s.mux)
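Review bot: `AllowedOrigins` set to `"*"` together with `AllowCredentials: true` in the `cors.Options` literal is an unsafe combination. Browsers refuse a literal `Access-Control-Allow-Origin: *` on credentialed requests, and a CORS middleware that works around this by echoing the request origin would let any website make authenticated calls to the faucet. The inline comment says the wildcard is for development, but the commit removes the only production origin without a configuration switch. I would keep `"https://drivechain.live",` (adding development origins from configuration) and drop `AllowCredentials: true` unless the API actually relies on cookies. The entries added to `AllowedHeaders` (`Content-Security-Policy`, `Origin`, `Accept-Encoding`) are a response header and browser-controlled request headers, so they can be removed.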