Conversation
…endered pages to also hit server
Remove workaround added because Vercel issue was causing pre-rendered pages to also hit server
When WebAssembly is unavailable (iOS Lockdown Mode disables WASM in WebKit; restricted in-app WebViews on Android can too), the Breez SDK crashed deep in wasm-bindgen with an unrecognizable ReferenceError that landed in the generic error card and was reported to Sentry. - Gate ensureBreezWasm with a typed WebAssemblyUnavailableError so the failure has a stable identity instead of a minified bindings stack. - Catch the fire-and-forget call in entry.client.tsx so the rejection doesn't double-report via unhandledrejection. - Render a platform-aware message in the route ErrorBoundary: name Lockdown Mode explicitly for iOS / macOS Safari, generic browser- unsupported copy otherwise. Skip Sentry on this branch. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Match the spacing used by the storage-blocked case so the button isn't crowding the message. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fix(spark): handle missing WebAssembly with friendly error UI
Two enum values currently collide with current-spec codes, actively misclassifying spec-compliant mints: - `TRANSACTION_NOT_BALANCED = 11002` collides with spec `11002 Proofs are pending` (an already-resolved-shaped condition) - `UNIT_NOT_SUPPORTED = 11005` collides with spec `11005 Transaction is not balanced` Drift fixes (4 codes — names unchanged, values updated to current spec): - `TOKEN_VERIFICATION_FAILED` `10003` -> `10001` - `OUTPUT_ALREADY_SIGNED` `10002` -> `11003` - `TRANSACTION_NOT_BALANCED` `11002` -> `11005` - `UNIT_NOT_SUPPORTED` `11005` -> `11013` New codes added from current spec (10 entries): - `11002 PROOFS_ARE_PENDING` - `11004 OUTPUTS_ARE_PENDING` - `11011 AMOUNTLESS_INVOICE_UNSUPPORTED` - `11012 AMOUNT_MISMATCH` - `11014 MAX_INPUTS_EXCEEDED` - `11015 MAX_OUTPUTS_EXCEEDED` - `11016 DUPLICATE_QUOTE_IDS` - `11017 MAX_BATCH_SIZE_EXCEEDED` - `12003 KEYSET_EXPIRED` Renumbering is safe: every callsite uses `CashuErrorCodes.NAME`, zero raw-number references (verified via grep). Names did not change. No behaviour changes — service-level recovery branches still match the same constants they matched before; only the numeric values they expand to have shifted. Phase 1 of the spec at docs/cashu-error-classifier.md (#1104). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…o-nut-spec fix(cashu): sync error-codes enum to current NUT spec
Aligns the two receive-quote entity-tracker hooks with the useTrackCashuSendSwap naming convention. Closes #414. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
refactor(hooks): adopt useTrack naming for receive-quote trackers
…ers without cookies The session hint cookie added in 71e8a3d short-circuits SSR for unauthenticated visits, but the loader redirected on every request — including the single-fetch data requests that drive client-side navigation. That broke recovery for any user whose hint cookie wasn't present even though they were really authenticated: cookies disabled, evicted from storage, cleared manually, or logged in before the cookie existed. Their JWT was still in localStorage, but every navigation through the SPA bounced them back to /home before clientMiddleware could validate it. Gate the redirect on Sec-Fetch-Mode === 'navigate' so only top-level document navigations are intercepted. Single-fetch requests pass through and clientMiddleware does its normal JWT check. The fresh-visit "no flicker" path is unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…-hint fix(auth): only redirect on document navigations to avoid trapping users without cookies
refactor(sentry): converge captureException calls on single pattern
Switch all schema files from `zod` to the tree-shakable `zod/mini` API (same `zod` package, no dependency change). Method chaining is replaced with standalone functions: `.optional()` -> `z.optional()`, `.transform()` -> `z.pipe(s, z.transform())`, `.refine()` -> `.check(z.refine())`, `.extend()`/`.and()` -> `z.extend()`/ `z.intersection()`, etc. Closes #733
refactor: migrate Zod → Zod Mini for smaller bundle
Sets the BOLT11 `h` tag on spark-account invoices created via LNURL-pay so wallets can verify the invoice commits to the metadata returned in the LUD-16 response. Extracts a shared `buildLnurlpMetadata` helper so both endpoints hash identical bytes. getLightningQuote no longer forces an empty description when descriptionHash is set — both fields are passed through to the Breez SDK as-is, which emits only the `h` tag when descriptionHash is provided (BOLT11's "d and h are alternatives" rule). The Cashu path is unchanged (blocked on CDK; documented inline). Closes #989
feat(spark): support LUD-06 description_hash on LNURL-pay
chore: enabled parent .envrc support
Prerendered routes (/home, /terms, ...) baked the request origin into their static HTML, but at build-time prerender that origin is http://localhost — so og:image/twitter:image/og:url pointed at an unreachable host and link previews showed "Image failed to load". Resolve the origin from Vercel's system env vars (production domain, or branch/deploy URL on previews) with the request origin as fallback, mirroring Next.js's metadataBase precedence. Keep the request origin for in-app links and Lightning Address generation, which must reflect the actual serving host.
fix(og): use Vercel deployment URL for absolute metadata URLs
…n't localhost Shared token links, profile URLs and `username@domain` Lightning Addresses were coming out as `http://localhost/...`. They all read `origin`/`domain` from the root loader (via useLocationData), which returned the raw request origin. At build-time prerender (`/home`, `/terms`) that origin is `http://localhost`, baked into the static HTML; because the root loader never revalidates, clients that enter via a prerendered route keep `localhost` for the whole session. This surfaced once Vercel began serving prerendered routes as static files instead of falling through to runtime SSR. #1110 fixed the symptom for OG meta only by adding a separate `canonicalOrigin` field. Fix it at the source instead: the loader now resolves `origin` (and derives `domain`) through getCanonicalOrigin, so every consumer — meta, share links, contacts, Lightning Address — gets a reachable host with no per-call changes. Drops the now-redundant `canonicalOrigin` field and reverts the meta functions to reading `origin`.
…igin derive origin/domain from the deployment URL, not the request
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
bobscully3
approved these changes
May 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds
localhoston prerendered pages (canonical origin from Vercel env)description_hashon LNURL-payTest
description_hashredirectTo