security(tauri): enable Content Security Policy (#851)

* security(tauri): enable Content Security Policy

Removes dangerousDisableAssetCspModification and adds strict CSP:
- default-src 'self': only load from same origin
- script-src 'self': prevent XSS via external scripts
- style-src 'self' 'unsafe-inline': allow inline styles for MUI

Addresses: SECURITY_AUDIT.md finding C4

* switch to eigenwallet.org, allow request to API and CoinGecko

---------

Co-authored-by: Security Patches <security-patches@local>
Co-authored-by: Binarybaron <binarybaron@protonmail.com>

Author: 3 people

README.md

@@ -9,7 +9,7 @@ This is the monorepo containing the source code for all of our core projects:
 - [`tauri`](src-tauri/) contains the tauri bindings between binaries and user interface
 - and other crates we use in our binaries
 
-If you're just here for the software, head over to the [releases](https://github.com/eigenwallet/core/releases/latest) tab and grab the binary for your operating system! If you're just looking for documentation, check out our [docs page](https://docs.unstoppableswap.net/) or our [github docs](dev-docs/README.md).
+If you're just here for the software, head over to the [releases](https://github.com/eigenwallet/core/releases/latest) tab and grab the binary for your operating system! If you're just looking for documentation, check out our [docs page](https://docs.eigenwallet.org/) or our [github docs](dev-docs/README.md).
 
 Join our [Matrix room](https://matrix.to/#/#unstoppableswap-core:matrix.org) to follow development more closely.
 

docs/components/SwapProviderTable.tsx

@@ -7,7 +7,7 @@ export default function SwapMakerTable() {
   }
 
   async function getMakers() {
-    const response = await fetch("https://api.unstoppableswap.net/api/list");
+    const response = await fetch("https://api.eigenwallet.org/api/list");
     const data = await response.json();
     return data;
   }

src-gui/src/renderer/api.ts

@@ -17,7 +17,7 @@ import { setAlerts } from "store/features/alertsSlice";
 import logger from "utils/logger";
 import { setConversation } from "store/features/conversationsSlice";
 
-const PUBLIC_REGISTRY_API_BASE_URL = "https://api.unstoppableswap.net";
+const PUBLIC_REGISTRY_API_BASE_URL = "https://api.eigenwallet.org";
 
 async function fetchAlertsViaHttp(): Promise<Alert[]> {
   const response = await fetch(`${PUBLIC_REGISTRY_API_BASE_URL}/api/alerts`);

src-gui/src/renderer/components/modal/updater/UpdaterDialog.tsx

@@ -18,7 +18,7 @@ import { useSnackbar } from "notistack";
 import { relaunch } from "@tauri-apps/plugin-process";
 
 const GITHUB_RELEASES_URL = "https://github.com/eigenwallet/core/releases";
-const HOMEPAGE_URL = "https://unstoppableswap.net/";
+const HOMEPAGE_URL = "https://eigenwallet.org/";
 
 interface DownloadProgress {
   contentLength: number | null;

src-gui/src/renderer/components/other/ContactInfoBox.tsx

@@ -36,7 +36,7 @@ export default function ContactInfoBox() {
       </Tooltip>
       <Tooltip title="Read our official documentation">
         <span>
-          <LinkIconButton url="https://docs.unstoppableswap.net">
+          <LinkIconButton url="https://docs.eigenwallet.org">
             <MenuBook />
           </LinkIconButton>
         </span>

src-gui/src/renderer/rpc.ts

@@ -95,7 +95,6 @@ const DONATION_ADDRESS_STAGENET =
 ///
 /// Get the key from:
 /// - https://github.com/eigenwallet/core/blob/master/utils/gpg_keys/binarybaron.asc
-/// - https://unstoppableswap.net/binarybaron.asc
 const DONATION_ADDRESS_MAINNET_SIG = `
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256

src-tauri/tauri.conf.json

@@ -23,7 +23,7 @@
       }
     ],
     "security": {
-      "dangerousDisableAssetCspModification": true
+      "csp": "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://api.eigenwallet.org https://api.coingecko.com"
     }
   },
   "bundle": {