From e28754f19e96611cd5e7c7bd52b6156423c998c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steven=20Dee=20=28J=C5=8Dshin=29?= <mrdomino@gmail.com>
Date: Sat, 4 Jan 2025 10:41:39 -0800
Subject: [PATCH 1/2] Add verify.walletconnect.org to frame-src
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently both WalletConnect and Rabby (which apparently uses WalletConnect) are broken on base.org. As a result, the BitBox02 hardware wallet is currently unusable with base.org.

I see blocked requests to both verify.walletconnect.com and verify.walletconnect.org to the same URL path; [apps/base-docs/server.js][0] only uses the latter, so I’m assuming only one of them is needed and updated this to match.

[0]: https://github.com/base-org/web/blob/9beb94e4201224dea6234d2a061c9855f5133fd1/apps/base-docs/server.js#L436
---
 apps/web/next.config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/web/next.config.js b/apps/web/next.config.js
index 85aca3922e..e4b7e0bb44 100644
--- a/apps/web/next.config.js
+++ b/apps/web/next.config.js
@@ -119,7 +119,7 @@ const contentSecurityPolicy = {
     'https://unpkg.com/@lottiefiles/dotlottie-web@0.31.1/dist/dotlottie-player.wasm', // lottie player
     `https://${process.env.NEXT_PUBLIC_PINATA_GATEWAY_URL}`,
   ],
-  'frame-src': ['https://p.datadoghq.com'],
+  'frame-src': ['https://p.datadoghq.com', 'https://verify.walletconnect.org'],
   'frame-ancestors': ["'self'", baseXYZDomains],
   'form-action': ["'self'", baseXYZDomains],
   'img-src': [

From cc7163f700955398310508fcd0c0d6d8dd8a297d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steven=20Dee=20=28J=C5=8Dshin=29?= <git@wholezero.org>
Date: Sat, 4 Jan 2025 11:46:37 -0800
Subject: [PATCH 2/2] add verify.walletconnect.com

---
 apps/web/next.config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/web/next.config.js b/apps/web/next.config.js
index e4b7e0bb44..1165cfbb91 100644
--- a/apps/web/next.config.js
+++ b/apps/web/next.config.js
@@ -119,7 +119,7 @@ const contentSecurityPolicy = {
     'https://unpkg.com/@lottiefiles/dotlottie-web@0.31.1/dist/dotlottie-player.wasm', // lottie player
     `https://${process.env.NEXT_PUBLIC_PINATA_GATEWAY_URL}`,
   ],
-  'frame-src': ['https://p.datadoghq.com', 'https://verify.walletconnect.org'],
+  'frame-src': ['https://p.datadoghq.com', 'https://verify.walletconnect.com', 'https://verify.walletconnect.org'],
   'frame-ancestors': ["'self'", baseXYZDomains],
   'form-action': ["'self'", baseXYZDomains],
   'img-src': [