fix: lighter CSP

netlify.toml

@@ -8,4 +8,4 @@
   for = "/*"
   [headers.values]
     X-Frame-Options = "DENY"
-    Content-Security-Policy = "default-src 'self'; style-src 'unsafe-inline'; object-src 'none'; frame-src 'none';"
+    Content-Security-Policy = "frame-src 'none';"

packages/app/src/manifest.json

@@ -8,7 +8,7 @@
     "256": "assets/logo-128@2x.png",
     "512": "assets/logo-128@3x.png"
   },
-  "content_security_policy": "script-src 'self'<% DEV_CSR %>; object-src 'self'; frame-src 'none'",
+  "content_security_policy": "script-src 'self'<% DEV_CSR %>; object-src 'self'; frame-src 'none';",
   "permissions": [
     "activeTab"
   ],

packages/app/vercel.json

@@ -10,7 +10,7 @@
         },
         {
           "key": "Content-Security-Policy",
-          "value": "default-src 'self'; style-src 'unsafe-inline'; object-src 'none'; frame-src 'none';"
+          "value": "frame-src 'none';"
         }
       ]
     }

packages/test-app/components/counter-actions.tsx

@@ -3,7 +3,7 @@ import { Button, ButtonGroup, Box, Text } from '@blockstack/ui';
 import { AppContext } from '@common/context';
 import { getAuthOrigin, getRPCClient } from '@common/utils';
 import { useConnect } from '@blockstack/connect';
-import { deserializeCV, IntCV } from '@blockstack/stacks-transactions';
+import { deserializeCV, IntCV, StacksTestnet } from '@blockstack/stacks-transactions';
 import { ExplorerLink } from '@components/explorer-link';
 
 export const CounterActions: React.FC = () => {
@@ -18,6 +18,8 @@ export const CounterActions: React.FC = () => {
     setError('');
     setLoading(true);
     const authOrigin = getAuthOrigin();
+    const network = new StacksTestnet();
+    network.coreApiUrl = 'https://stacks-node-api.blockstack.org';
     await doContractCall({
       authOrigin,
       contractAddress: 'STB44HYPYAT2BB2QE513NSP81HTMYWBJP02HPGK6',