neuron-technologies/neuron-web
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix SyntaxError in account-dashboard and expand CSP #152

Merged
will.anderson merged 1 commits from fix/syntax-error-and-csp into dev 2026-05-19 17:13:43 +00:00
Conversation 0 Commits 1 Files Changed 2
+6 -6
will.anderson commented 2026-05-19 17:13:23 +00:00
Owner
Copy Link
Copy Source

What

Two fixes in one:

1. SyntaxError in account-dashboard.js
El's native_js parser fails on ternary ? 'string' : 'string' — the ? adjacent to single-quoted strings triggers an Unexpected string SyntaxError in the compiled IIFE output. Entire IIFE throws at startup, meaning signInWith is never defined on window, so both auth buttons do nothing with ReferenceError: signInWith is not defined.

Fixed by replacing the ternary with a plain if-else in the devices count block.

2. CSP blocking Stripe and Google Fonts
All three header functions (sec_headers_json, js_headers_json, static_asset_headers_json) were missing entries that caused hard functional failures:

  • https://js.stripe.com missing from script-src → Stripe JS never loads → payment form never renders
  • https://js.stripe.com missing from frame-src → Stripe Elements iframe blocked
  • https://fonts.googleapis.com missing from style-src → Google Fonts CSS blocked
  • https://fonts.gstatic.com missing from font-src → Google Fonts files blocked
  • https://static.cloudflareinsights.com added to script-src (noisy violation)

Test

Verify on stage:

  • Sign in buttons work (no signInWith is not defined in console)
  • No SyntaxError: Unexpected string in console
  • Checkout page renders Stripe payment form
  • Fonts render correctly (Playfair Display / IBM Plex Sans)
## What Two fixes in one: **1. SyntaxError in `account-dashboard.js`** El's native_js parser fails on ternary `? 'string' : 'string'` — the `?` adjacent to single-quoted strings triggers an `Unexpected string` SyntaxError in the compiled IIFE output. Entire IIFE throws at startup, meaning `signInWith` is never defined on `window`, so both auth buttons do nothing with `ReferenceError: signInWith is not defined`. Fixed by replacing the ternary with a plain if-else in the devices count block. **2. CSP blocking Stripe and Google Fonts** All three header functions (`sec_headers_json`, `js_headers_json`, `static_asset_headers_json`) were missing entries that caused hard functional failures: - `https://js.stripe.com` missing from `script-src` → Stripe JS never loads → payment form never renders - `https://js.stripe.com` missing from `frame-src` → Stripe Elements iframe blocked - `https://fonts.googleapis.com` missing from `style-src` → Google Fonts CSS blocked - `https://fonts.gstatic.com` missing from `font-src` → Google Fonts files blocked - `https://static.cloudflareinsights.com` added to `script-src` (noisy violation) ## Test Verify on stage: - [ ] Sign in buttons work (no `signInWith is not defined` in console) - [ ] No `SyntaxError: Unexpected string` in console - [ ] Checkout page renders Stripe payment form - [ ] Fonts render correctly (Playfair Display / IBM Plex Sans)
will.anderson added 1 commit 2026-05-19 17:13:25 +00:00
Fix SyntaxError in account-dashboard and expand CSP
Dev — Build & local smoke test / build-smoke (pull_request) Successful in 1m37s
Details
d2ae0b4b60 
Replace ternary operator in native_js block with explicit if-else —
El's parser chokes on '?' adjacent to single-quoted strings inside
native_js(), causing an Uncaught SyntaxError that prevents the entire
IIFE from running and leaves signInWith undefined.

Add missing CSP entries to all three header functions:
- js.stripe.com → script-src and frame-src (Stripe JS and Elements iframe)
- fonts.googleapis.com → style-src (Google Fonts CSS)
- fonts.gstatic.com → font-src (Google Fonts files)
- static.cloudflareinsights.com → script-src (Cloudflare beacon)
will.anderson merged commit 6a7b8382ea into dev 2026-05-19 17:13:43 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Assignees
Clear assignees
tim.lingo (Tim Lingo) will.anderson (Will Anderson)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: neuron-technologies/neuron-web#152
Delete Branch "fix/syntax-error-and-csp"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?