Merge pull request #424 from grant-project/develop

Release 1.1.1

backend/.env.example

@@ -9,6 +9,8 @@ SENDGRID_API_KEY="optional, but emails won't send without it"
 
 # set this so third-party cookie blocking doesn't kill backend sessions (production)
 # SESSION_COOKIE_DOMAIN="zfnd.org"
+# Limit CORS to these domains, no spaces in seperators. Defaults to '*'.
+# CORS_DOMAINS="domain.com,domain2.com"
 
 # SENTRY_DSN="https://PUBLICKEY@sentry.io/PROJECTID"
 # SENTRY_RELEASE="optional, provides sentry logging with release info"

backend/grant/app.py

@@ -12,7 +12,7 @@ from sentry_sdk.integrations.flask import FlaskIntegration
 from sentry_sdk.integrations.logging import LoggingIntegration
 from grant import commands, proposal, user, comment, milestone, admin, email, blockchain, task, rfp, e2e
 from grant.extensions import bcrypt, migrate, db, ma, security, limiter
-from grant.settings import SENTRY_RELEASE, ENV, E2E_TESTING, DEBUG
+from grant.settings import SENTRY_RELEASE, ENV, E2E_TESTING, DEBUG, CORS_DOMAINS
 from grant.utils.auth import AuthException, handle_auth_error, get_authed_user
 from grant.utils.exceptions import ValidationException
 
@@ -120,8 +120,9 @@ def register_extensions(app):
     user_datastore = SQLAlchemyUserDatastore(db, user.models.User, user.models.Role)
     security.init_app(app, datastore=user_datastore, register_blueprint=False)
 
-    # supports_credentials for session cookies
-    CORS(app, supports_credentials=True, expose_headers='X-Grantio-Authed')
+    # supports_credentials for session cookies, on cookie domains (if set)
+    origins = CORS_DOMAINS.split(',')
+    CORS(app, supports_credentials=True, expose_headers='X-Grantio-Authed', origins=origins)
     SSLify(app)
     return None
 

backend/grant/settings.py

@@ -29,6 +29,7 @@ SQLALCHEMY_TRACK_MODIFICATIONS = False
 
 # so backend session cookies are first-party
 SESSION_COOKIE_DOMAIN = env.str('SESSION_COOKIE_DOMAIN', default=None)
+CORS_DOMAINS = env.str('CORS_DOMAINS', default='*')
 
 SENDGRID_API_KEY = env.str("SENDGRID_API_KEY", default="")
 SENDGRID_DEFAULT_FROM = "noreply@grants.zfnd.org"

frontend/client/components/CreateFlow/Basics.tsx

@@ -1,6 +1,5 @@
 import React from 'react';
 import { connect } from 'react-redux';
-import BN from 'bn.js';
 import { Input, Form, Icon, Select, Alert, Popconfirm, message, Radio } from 'antd';
 import { SelectValue } from 'antd/lib/select';
 import { RadioChangeEvent } from 'antd/lib/radio';
@@ -75,7 +74,7 @@ class CreateFlowBasics extends React.Component<Props, State> {
     }
 
     const rfpOptInRequired =
-      rfp && (rfp.matching || (rfp.bounty && new BN(rfp.bounty).gtn(0)));
+      rfp && (rfp.matching || (rfp.bounty && parseFloat(rfp.bounty.toString()) > 0));
 
     return (
       <Form layout="vertical" style={{ maxWidth: 600, margin: '0 auto' }}>

frontend/client/modules/create/utils.ts

@@ -107,7 +107,7 @@ export function getCreateErrors(
   const targetFloat = target ? parseFloat(target) : 0;
   if (target && !Number.isNaN(targetFloat)) {
     const limit = parseFloat(process.env.PROPOSAL_TARGET_MAX as string);
-    const targetErr = getAmountError(targetFloat, limit, 1);
+    const targetErr = getAmountError(targetFloat, limit, 0.001);
     if (targetErr) {
       errors.target = targetErr;
     }