From 63d31eab8fac8d6e9b306a9ad98c1ab6b8f372d9 Mon Sep 17 00:00:00 2001 From: acnormun Date: Mon, 28 Oct 2024 11:06:26 -0300 Subject: [PATCH 1/9] fix: check vtex ads --- src/components/config/ecommerce/vtex/Config.vue | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/components/config/ecommerce/vtex/Config.vue b/src/components/config/ecommerce/vtex/Config.vue index 3ff20b8b..f4159374 100644 --- a/src/components/config/ecommerce/vtex/Config.vue +++ b/src/components/config/ecommerce/vtex/Config.vue @@ -316,10 +316,13 @@ await this.syncSellers({ uuid: this.appUuid, payload: payloadSync }); this.disableSellers = true; } - await this.syncADS({ - uuid: this.appUuid, - payload: { project_uuid: this.project, vtex_ads: this.vtexADS }, - }); + + if ('vtex_ads' in this.appConfig) { + await this.syncADS({ + uuid: this.appUuid, + payload: { project_uuid: this.project, vtex_ads: this.vtexADS }, + }); + } if (this.errorSyncSellers) { this.callModal({ text: this.$t('vtex.errors.redirect_to_wpp_catalog'), type: 'error' }); From 61c9e8f6934012116ce14baa3befbab345ac5d5f Mon Sep 17 00:00:00 2001 From: acnormun Date: Mon, 28 Oct 2024 11:22:38 -0300 Subject: [PATCH 2/9] fix: tests --- src/components/config/ecommerce/vtex/Config.vue | 13 ++++++------- .../config/ecommerce/vtex/Config.spec.js | 16 ---------------- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/src/components/config/ecommerce/vtex/Config.vue b/src/components/config/ecommerce/vtex/Config.vue index 99238c5f..e5831428 100644 --- a/src/components/config/ecommerce/vtex/Config.vue +++ b/src/components/config/ecommerce/vtex/Config.vue @@ -317,6 +317,12 @@ this.selectedSellers = value; }, async handleSave() { + if (this.appConfig?.vtex_ads !== undefined) { + await this.syncADS({ + uuid: this.appUuid, + payload: { project_uuid: this.project, vtex_ads: this.vtexADS }, + }); + } const sellers = this.selectedSellers.map((item) => item.value); if (sellers.length) { const payloadSync = { 
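Review bot: In the PATCH 2/9 hunk for `handleSave` in Config.vue, `await this.syncADS({...})` now runs before the seller sync, and nothing in the visible lines catches a rejection or checks an error flag. If `syncADS` can reject (its definition is outside the hunk), a failed ADS sync would abort the save before `syncSellers` is reached, whereas before this change sellers were synced first. Consider guarding it, e.g. `try { await this.syncADS({ ... }); } catch (err) { /* report and return */ }`, or mirroring the `errorSyncSellers` check used further down. The same commit deletes a `handleSave` spec from Config.spec.js and adds none for the new `vtex_ads` guard, so neither branch of the guard is covered in what is shown. `handleSave` continues past the end of the hunk.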
@@ -327,13 +333,6 @@ this.disableSellers = true; } - if ('vtex_ads' in this.appConfig) { - await this.syncADS({ - uuid: this.appUuid, - payload: { project_uuid: this.project, vtex_ads: this.vtexADS }, - }); - } - if (this.errorSyncSellers) { this.callModal({ text: i18n.global.t('vtex.errors.redirect_to_wpp_catalog'), diff --git a/src/tests/components/config/ecommerce/vtex/Config.spec.js b/src/tests/components/config/ecommerce/vtex/Config.spec.js index c9ff077b..44042686 100644 --- a/src/tests/components/config/ecommerce/vtex/Config.spec.js +++ b/src/tests/components/config/ecommerce/vtex/Config.spec.js @@ -100,22 +100,6 @@ describe('vtex-config Component', () => { }); }); - it('should show an alert when there are no selected sellers during save', async () => { - const unnnicCallAlertSpy = vi.spyOn(unnnic, 'unnnicCallAlert'); - - await wrapper.vm.handleSave(); - - expect(unnnicCallAlertSpy).toHaveBeenCalledWith( - expect.objectContaining({ - props: { - text: 'Failed to redirect to catalog, please refresh the page and try again', - type: 'error', - }, - seconds: 6, - }), - ); - }); - it('should render sellers list correctly when hasConnectedCatalog is true', async () => { wrapper.vm.sellersList = ['Seller 1', 'Seller 2']; await wrapper.vm.$nextTick(); From 47de0f6037ad527362ce5946819d38547ccac7d1 Mon Sep 17 00:00:00 2001 From: acnormun Date: Wed, 30 Oct 2024 17:51:47 -0300 Subject: [PATCH 3/9] fix: disable sellers --- src/components/config/ecommerce/vtex/Config.vue | 1 - 1 file changed, 1 deletion(-) diff --git a/src/components/config/ecommerce/vtex/Config.vue b/src/components/config/ecommerce/vtex/Config.vue index e5831428..fec089ad 100644 --- a/src/components/config/ecommerce/vtex/Config.vue +++ b/src/components/config/ecommerce/vtex/Config.vue @@ -341,7 +341,6 @@ return; } this.callModal({ text: i18n.global.t('vtex.success.sync_sellers'), type: 'success' }); - this.disableSellers = true; }, updateVtexADS(value) { this.vtexADS = value; 
From e18f6ceb21260373880f98c447add2c205141e7b Mon Sep 17 00:00:00 2001 From: Matheus Cristian Date: Thu, 31 Oct 2024 15:54:08 -0300 Subject: [PATCH 4/9] feat(csp-settings): adds Content-Security-Policy settings --- nginx.conf | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nginx.conf b/nginx.conf index 6738f7c6..ce1ed906 100644 --- a/nginx.conf +++ b/nginx.conf @@ -25,6 +25,18 @@ http { access_log /dev/stdout main; server { + set $CSP_DEFAULT "default-src 'self' blob:"; + set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.hotjar.com www.google-analytics.com cdn.logr-ingest.com"; + set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br fonts.googleapis.com"; + set $CSP_FONT "font-src 'self' data: fonts.gstatic.com"; + set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org"; + set $CSP_CONNECT "connect-src 'self' blob: *.weni.ai *.bothub.it www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io"; + set $CSP_FRAME_SRC "frame-src 'self' https://td.doubleclick.net"; + set $CSP_WORKER_SRC "worker-src data: blob:"; + set $CSP_FRAME_ANCESTORS "frame-ancestors 'self' *.weni.ai"; + + add_header Content-Security-Policy "${CSP_DEFAULT}; ${CSP_SCRIPT}; ${CSP_STYLE}; ${CSP_FONT}; ${CSP_IMAGE}; ${CSP_CONNECT}; ${CSP_FRAME_SRC}; ${CSP_WORKER_SRC}; ${CSP_FRAME_ANCESTORS};"; + listen 8080; server_name localhost; client_max_body_size 32m; From def1d8b2d19509f08cdc619606e471da43cbaeb2 Mon Sep 17 00:00:00 2001 From: Matheus Cristian Date: Thu, 31 Oct 2024 16:17:01 -0300 Subject: [PATCH 5/9] feat(csp-settings): adds weni domain to frame src --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index ce1ed906..ef64c3fa 100644 --- a/nginx.conf +++ b/nginx.conf 
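Review bot: `$CSP_SCRIPT` in PATCH 4/9 allows both `'unsafe-inline'` and `'unsafe-eval'`, so the policy will not block injected inline script and mostly acts as a host allowlist for external loads. If they cannot be dropped yet, a comment above the `set` naming which dependency needs each keyword would keep the exception from becoming permanent. The `add_header` line has no `always` parameter, so nginx omits the header on error responses, and a server-level `add_header` is not inherited by any `location` that declares its own; the `location` blocks are outside this hunk, so that needs checking. `base-uri` does not fall back to `default-src`, so consider appending `base-uri 'self'; object-src 'none';` to the header value and writing the directive as `add_header Content-Security-Policy "..." always;`. The `server` block continues outside the hunk.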
@@ -31,7 +31,7 @@ http { set $CSP_FONT "font-src 'self' data: fonts.gstatic.com"; set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org"; set $CSP_CONNECT "connect-src 'self' blob: *.weni.ai *.bothub.it www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io"; - set $CSP_FRAME_SRC "frame-src 'self' https://td.doubleclick.net"; + set $CSP_FRAME_SRC "frame-src 'self' *.weni.ai https://td.doubleclick.net"; set $CSP_WORKER_SRC "worker-src data: blob:"; set $CSP_FRAME_ANCESTORS "frame-ancestors 'self' *.weni.ai"; From f464151d05a9af8dc0c72fb1e73d018a4563a8ba Mon Sep 17 00:00:00 2001 From: Matheus Cristian Date: Thu, 31 Oct 2024 17:04:03 -0300 Subject: [PATCH 6/9] feat(csp-settings): adds accounts.google.com domain to frame src --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index ef64c3fa..25a8040f 100644 --- a/nginx.conf +++ b/nginx.conf @@ -26,7 +26,7 @@ http { server { set $CSP_DEFAULT "default-src 'self' blob:"; - set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.hotjar.com www.google-analytics.com cdn.logr-ingest.com"; + set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com accounts.google.com *.hotjar.com www.google-analytics.com cdn.logr-ingest.com"; set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br fonts.googleapis.com"; set $CSP_FONT "font-src 'self' data: fonts.gstatic.com"; set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org"; From 12bde978aeebeb719dbe89c3971cdb283f608b27 Mon Sep 17 00:00:00 2001 
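Review bot: The subject of PATCH 6/9 says accounts.google.com is added to frame src, but the changed line is `$CSP_SCRIPT`, so the whole host becomes a script source while `$CSP_FRAME_SRC` still does not list it. PATCH 7/9 (same subject, edits `$CSP_STYLE`) and PATCH 9/9 (`$CSP_CONNECT`) follow the same pattern. If these entries are for Google Identity Services sign-in, path-scoped sources are narrower than the bare host, e.g. `https://accounts.google.com/gsi/client` in `script-src` and `https://accounts.google.com/gsi/style` in `style-src`; verify the exact paths against Google's current CSP guidance. A one-line comment above the `set` lines, such as `# accounts.google.com: Google sign-in`, would record why the host is allowed and make later pruning possible.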
From: Matheus Cristian Date: Thu, 31 Oct 2024 17:24:21 -0300 Subject: [PATCH 7/9] feat(csp-settings): adds accounts.google.com domain to frame src --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 25a8040f..c697f54d 100644 --- a/nginx.conf +++ b/nginx.conf @@ -27,7 +27,7 @@ http { server { set $CSP_DEFAULT "default-src 'self' blob:"; set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com accounts.google.com *.hotjar.com www.google-analytics.com cdn.logr-ingest.com"; - set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br fonts.googleapis.com"; + set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br accounts.google.com fonts.googleapis.com"; set $CSP_FONT "font-src 'self' data: fonts.gstatic.com"; set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org"; set $CSP_CONNECT "connect-src 'self' blob: *.weni.ai *.bothub.it www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io"; From e1779bd835b08c05318a0e3c89fa71a4bda573b7 Mon Sep 17 00:00:00 2001 From: acnormun Date: Thu, 31 Oct 2024 17:41:54 -0300 Subject: [PATCH 8/9] chore: bump version --- CHANGELOG.md | 9 +++++++++ package.json | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a221b1cb..ffbd341f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +2.2.8 +---------- +`2024-10-31ยท 1 ๐Ÿ› ยท 1 ๐ŸŽ‰ ` + +### ๐Ÿ› Bug fixes +- Fix: VTEX Config - check vtex ADS prop. +### ๐ŸŽ‰ New Features +- Feat: Added `Content-Security-Policy (CSP)` settings header. + 2.2.7 ---------- `2024-10-24ยท 1 ๐Ÿ› ยท 1 ๐ŸŽ‰ ` diff --git a/package.json b/package.json index 286b39d3..085c36d7 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { "name": "weni-integrations", - "version": "2.2.7", + "version": "2.2.8", "private": true, "type": "module", "scripts": { From f23e80a89a5e6f379889519b9575481cdf336aef Mon Sep 17 00:00:00 2001 From: Matheus Cristian Date: Fri, 1 Nov 2024 09:45:09 -0300 Subject: [PATCH 9/9] feat(csp): adds account.google.com to connect-src --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index c697f54d..68478aeb 100644 --- a/nginx.conf +++ b/nginx.conf @@ -30,7 +30,7 @@ http { set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br accounts.google.com fonts.googleapis.com"; set $CSP_FONT "font-src 'self' data: fonts.gstatic.com"; set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org"; - set $CSP_CONNECT "connect-src 'self' blob: *.weni.ai *.bothub.it www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io"; + set $CSP_CONNECT "connect-src 'self' blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io"; set $CSP_FRAME_SRC "frame-src 'self' *.weni.ai https://td.doubleclick.net"; set $CSP_WORKER_SRC "worker-src data: blob:"; set $CSP_FRAME_ANCESTORS "frame-ancestors 'self' *.weni.ai";