diff --git a/public/favicon.ico b/public/favicon.ico
index fa178df9e..afbdee22b 100644
Binary files a/public/favicon.ico and b/public/favicon.ico differ
diff --git a/public/logo-favicon.png b/public/logo-favicon.png
index fa178df9e..7025d0bff 100644
Binary files a/public/logo-favicon.png and b/public/logo-favicon.png differ
diff --git a/src/components/Create/Create.tsx b/src/components/Create/Create.tsx
index 834218e2d..68578f8bd 100644
--- a/src/components/Create/Create.tsx
+++ b/src/components/Create/Create.tsx
@@ -121,7 +121,7 @@ export const Create = () => {
 }, [address])
 return (
-
+
{createElement(_consts.CREATE_SCREEN_MAP[step.screen].comp, {
 onPrev: handleOnPrev,
 onNext: handleOnNext,
diff --git a/src/components/Create/Link/Input.view.tsx b/src/components/Create/Link/Input.view.tsx
index 7e2f288a1..e861b3b79 100644
--- a/src/components/Create/Link/Input.view.tsx
+++ b/src/components/Create/Link/Input.view.tsx
@@ -265,7 +265,7 @@ export const CreateLinkInputView = ({
 }, [_tokenValue, inputDenomination])
 return (
-
+

-
+
{createType === 'link' && 'Deposit some crypto to the link, no need for wallet addresses. Send the link to the recipient. They will be able to claim the funds in any token on any chain from the link.'} {createType === 'email_link' &&
diff --git a/src/utils/cashout.utils.ts b/src/utils/cashout.utils.ts
index ec8b4bde6..a0eba32e8 100644
--- a/src/utils/cashout.utils.ts
+++ b/src/utils/cashout.utils.ts
@@ -5,6 +5,21 @@ import countries from 'i18n-iso-countries'
 import { generateKeysFromString } from '@squirrel-labs/peanut-sdk'
 import { getSquidRouteRaw } from '@squirrel-labs/peanut-sdk'
+const ALLOWED_PARENT_DOMAINS = ['intersend.io', 'app.intersend.io']
+
+// Helper function to check if the app is running within an allowed iframe
+const isInAllowedFrame = (): boolean => {
+ if (window.location === window.parent.location) return false
+
+ // Check ancestor origins (modern browsers)
+ if (window.location.ancestorOrigins?.length) {
+ return ALLOWED_PARENT_DOMAINS.some((domain) => window.location.ancestorOrigins[0].includes(domain))
+ }
+
+ // Fallback to referrer check
+ return ALLOWED_PARENT_DOMAINS.some((domain) => document.referrer.includes(domain))
+}
+
 export const convertPersonaUrl = (url: string) => {
 const parsedUrl = new URL(url)
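Review bot: `isInAllowedFrame` matches the parent with `String.includes`, so any ancestor origin or referrer that merely contains `intersend.io` is accepted, whether as part of a longer look-alike host name or inside the referrer's path or query. Compare parsed origins for equality against full allowlisted origins instead (the `https://` scheme below is my assumption; the diff lists bare host names), and treat an empty or unparsable referrer as not allowed. `document.referrer` is set by the embedding page and can be stripped by referrer policy, so it is a weak signal on browsers without `ancestorOrigins`. Which sites may frame the app is better enforced server-side with a `frame-ancestors` CSP, which this diff does not show.

```typescript
const ALLOWED_PARENT_ORIGINS = ['https://intersend.io', 'https://app.intersend.io']

const isInAllowedFrame = (): boolean => {
    // … unchanged: top-level window check …

    // Exact origin equality; a substring test also accepts look-alike hosts
    const ancestors = window.location.ancestorOrigins
    if (ancestors?.length) {
        return ALLOWED_PARENT_ORIGINS.includes(ancestors[0])
    }

    // Fallback: compare the parsed referrer origin, never the raw string
    try {
        return ALLOWED_PARENT_ORIGINS.includes(new URL(document.referrer).origin)
    } catch {
        return false
    }
}
```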
@@ -12,10 +27,13 @@ export const convertPersonaUrl = (url: string) => {
 const iqtToken = parsedUrl.searchParams.get('fields[iqt_token]')
 const developerId = parsedUrl.searchParams.get('fields[developer_id]')
 const referenceId = parsedUrl.searchParams.get('reference-id')
- const origin = encodeURIComponent(window.location.origin)
+
+ // Use parent frame origin if in allowed iframe, otherwise use current origin
+ const origin = encodeURIComponent(isInAllowedFrame() ? new URL(document.referrer).origin : window.location.origin)
 return `https://bridge.withpersona.com/widget?environment=production&inquiry-template-id=${templateId}&fields[iqt_token=${iqtToken}&iframe-origin=${origin}&redirect-uri=${origin}&fields[developer_id]=${developerId}&reference-id=${referenceId}`
 }
+
 const fetchUser = async (accountIdentifier: string): Promise => {
 const response = await fetch(`/api/peanut/user/fetch-user?accountIdentifier=${accountIdentifier}`, {
 method: 'GET',
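Review bot: The new `origin` line calls `new URL(document.referrer)` whenever `isInAllowedFrame()` is true, but on the `ancestorOrigins` branch the referrer was never inspected, so the value sent to Persona as `iframe-origin` and `redirect-uri` is not the value that passed the check. When the referrer is empty (for example under a `no-referrer` policy) `new URL('')` throws and `convertPersonaUrl` fails; when it is present it can differ from the verified ancestor. Have the helper return the origin it actually verified and use that: `const parentOrigin = getAllowedParentOrigin()` followed by `const origin = encodeURIComponent(parentOrigin ?? window.location.origin)`, where `getAllowedParentOrigin` is a proposed helper that is not in this diff. A one-line comment that this origin decides where the Persona widget redirects would also help the next reader.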