fix: vercel -> cfpages changes

.nvmrc

@@ -1 +1 @@
-lts/jod
+22.15.1

README.md

@@ -7,14 +7,14 @@ peer-to-peer among its users or into any on-chain liquidity source while
 providing MEV protection.
 
 | **Platform**          | **Link**                                                                                                      |
-| --------------------- | ------------------------------------------------------------------------------------------------------------- |
+|-----------------------|---------------------------------------------------------------------------------------------------------------|
 | 🐮 **CoW Swap** 🐮    | [swap.cow.fi](https://swap.cow.fi/)                                                                           |
 | CoW Swap (IPFS)       | Every release is deployed automatically to IPFS ([Releases](https://github.com/cowprotocol/cowswap/releases)) |
 | CoW Swap (ENS)        | [ens://cowswap.eth](ens://cowswap.eth) or ([cowswap.eth.limo](https://cowswap.eth.limo))                      |
 | CoW Protocol          | [cow.fi](https://cow.fi)                                                                                      |
 | Docs                  | [docs.cow.fi](https://docs.cow.fi)                                                                            |
 | Governance (Snapshot) | [snapshot.org/#/cow.eth](https://snapshot.org/#/cow.eth)                                                      |
-| Stats                 | [dune.com/cowprotocol/cowswap](https://dune.com/cowprotocol/cow-swap-home)                                          |
+| Stats                 | [dune.com/cowprotocol/cowswap](https://dune.com/cowprotocol/cow-swap-home)                                    |
 | X/Twitter             | [@CoWSwap](https://twitter.com/CoWSwap)                                                                       |
 | Discord               | [discord.com/invite/cowprotocol](https://discord.com/invite/cowprotocol)                                      |
 | Forum                 | [forum.cow.fi](https://forum.cow.fi)                                                                          |
@@ -67,6 +67,18 @@ Build the project. The static files will be generated in the `build` folder.
 pnpm run build
 ```
 
+### Sentry Sourcemaps
+
+`cowswap-frontend` generates production sourcemaps for Sentry.
+
+- Runtime error reporting still uses `REACT_APP_SENTRY_DSN`.
+- Build-time sourcemap upload uses `SENTRY_AUTH_TOKEN`.
+- `SENTRY_ORG` and `SENTRY_PROJECT` are optional overrides.
+  Defaults:
+  `cowprotocol` and `cowswap`
+
+If `SENTRY_AUTH_TOKEN` is not set, the build still succeeds, but sourcemaps are not uploaded to Sentry.
+
 ## Unit testing
 
 ```bash
@@ -219,6 +231,24 @@ The API endpoint is configured using the environment variable
 REACT_APP_ORDER_BOOK_URLS='{"1":"https://YOUR_HOST","100":"https://YOUR_HOST","5":"https://YOUR_HOST"}
 ```
 
+## Sentry Configuration
+
+For `apps/cowswap-frontend`:
+
+```ini
+REACT_APP_SENTRY_DSN=https://<public-dsn>
+SENTRY_AUTH_TOKEN=<sentry-auth-token>
+```
+
+Optional overrides for the build-time upload target:
+
+```ini
+SENTRY_ORG=cowprotocol
+SENTRY_PROJECT=cowswap
+```
+
+`SENTRY_AUTH_TOKEN` is the only required secret for source map upload. The org and project values are public identifiers and already default to the values above.
+
 ## BFF API Endpoints (Backend for Frontend)
 
 The BFF API is a helper API that provides some additional data to the frontend.
@@ -263,7 +293,7 @@ All price feeds are enabled by default, but they can be individually disabled by
 using an environment variable:
 
 | Name      | Environment variable                 | Type                         | Description                                                                          |
-| --------- | ------------------------------------ | ---------------------------- | ------------------------------------------------------------------------------------ |
+|-----------|--------------------------------------|------------------------------|--------------------------------------------------------------------------------------|
 | **1inch** | `REACT_APP_PRICE_FEED_1INCH_ENABLED` | `boolean` (default = `true`) | [Paraswap](https://1inch.exchange) price estimation. Used for all price estimations. |
 | **0x**    | `REACT_APP_PRICE_FEED_0X_ENABLED`    | `boolean` (default = `true`) | [0x](https://0x.org/) price estimation. Used for all price estimation.               |
 

apps/cowswap-frontend/.env

@@ -33,6 +33,13 @@
 # Sentry
 #REACT_APP_SENTRY_DSN='https://<url>'
 #REACT_APP_SENTRY_TRACES_SAMPLE_RATE="1.0"
+#
+# Production sourcemaps can be uploaded during the build with:
+# SENTRY_AUTH_TOKEN='<token>'
+#
+# Optional overrides for the upload target. These default to the values below.
+# SENTRY_ORG='cowprotocol'
+# SENTRY_PROJECT='cowswap'
 
 # IPFS uploading
 #REACT_APP_PINATA_API_KEY=

apps/cowswap-frontend/public/_headers

@@ -0,0 +1,6 @@
+/*
+  Content-Security-Policy: default-src 'self'; script-src 'self' https://*.cow.fi https://telegram.org https://*.appzi.io https://www.googletagmanager.com https://s3.amazonaws.com https://www.redditstatic.com https://www.google-analytics.com https://www.clarity.ms https://tag.safary.club https://static.ads-twitter.com https://scripts.clarity.ms https://api.hypelab.com https://googleads.g.doubleclick.net https://tag.adrsbl.io https://cdn.spindl.xyz https://r2.ixncdn.com https://cdn.id5-sync.com 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src 'self' data: blob: https:; font-src * data:; connect-src *; media-src * data: blob:; frame-src *; frame-ancestors *; worker-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none'; upgrade-insecure-requests;
+  Cross-Origin-Opener-Policy: same-origin-allow-popups
+  Cross-Origin-Resource-Policy: cross-origin
+  X-Content-Type-Options: nosniff
+  Referrer-Policy: strict-origin-when-cross-origin

apps/cowswap-frontend/vite.config.mts

@@ -1,5 +1,6 @@
 /// <reference types="vitest" />
 import { lingui } from '@lingui/vite-plugin'
+import { sentryVitePlugin } from '@sentry/vite-plugin'
 import react from '@vitejs/plugin-react-swc'
 import stdLibBrowser from 'node-stdlib-browser'
 import { bundleStats } from 'rollup-plugin-bundle-stats'
@@ -15,6 +16,8 @@ import viteTsConfigPaths from 'vite-tsconfig-paths'
 import { execSync } from 'child_process'
 import * as path from 'path'
 
+import pkg from './package.json'
+
 import { formatChunkFileName } from '../../tools/formatChunkFileName'
 import { getReactProcessEnv } from '../../tools/getReactProcessEnv'
 import { robotsPlugin } from '../../tools/vite-plugins/robotsPlugin'
@@ -30,6 +33,12 @@ const nodeDepsToInclude = ['crypto', 'stream']
 
 const analyzeBundle = process.env.ANALYZE_BUNDLE === 'true'
 const analyzeBundleTemplate: TemplateType = (process.env.ANALYZE_BUNDLE_TEMPLATE as TemplateType) || 'treemap' //  "sunburst" | "treemap" | "network" | "raw-data" | "list";
+const defaultSentryOrg = 'cowprotocol'
+const defaultSentryProject = 'cowswap'
+const sentryAuthToken = process.env.SENTRY_AUTH_TOKEN
+const sentryOrg = process.env.SENTRY_ORG || defaultSentryOrg
+const sentryProject = process.env.SENTRY_PROJECT || defaultSentryProject
+const sentryReleaseName = `CowSwap@v${pkg.version}`
 
 // eslint-disable-next-line max-lines-per-function
 export default defineConfig(({ mode, isPreview }) => {
@@ -87,6 +96,31 @@ export default defineConfig(({ mode, isPreview }) => {
     plugins.push(bundleStats() as PluginOption)
   }
 
+  if (isProduction && sentryAuthToken) {
+    plugins.push(
+      ...sentryVitePlugin({
+        org: sentryOrg,
+        project: sentryProject,
+        authToken: sentryAuthToken,
+        telemetry: false,
+        release: {
+          name: sentryReleaseName,
+          inject: false,
+          create: true,
+          finalize: true,
+        },
+        sourcemaps: {
+          // Use absolute globs so cleanup works both in Nx builds from the repo root
+          // and direct Vite builds from the app directory.
+          filesToDeleteAfterUpload: [
+            path.resolve(__dirname, '../../build/cowswap/**/*.map'),
+            path.resolve(__dirname, './dist/**/*.map'),
+          ],
+        },
+      }),
+    )
+  }
+
   // Disable page indexing for non-prod envs
   if (!isProduction) {
     plugins.push(

docs/CLOUDFLARE_PAGES_MIGRATION.md

@@ -0,0 +1,91 @@
+# Cloudflare Pages Migration Notes
+
+Scope: `apps/cowswap-frontend` and `apps/explorer` only. `cow-fi` is intentionally excluded.
+
+## Repo-backed equivalents
+
+### `apps/cowswap-frontend`
+
+Vercel source of truth:
+- `apps/cowswap-frontend/vercel.ts`
+
+Cloudflare Pages equivalent:
+- `apps/cowswap-frontend/public/_headers`
+
+Captured in `_headers`:
+- `Content-Security-Policy`
+- `Cross-Origin-Opener-Policy`
+- `Cross-Origin-Resource-Policy`
+- `X-Content-Type-Options`
+- `Referrer-Policy`
+
+Notes:
+- The Vercel redirect that sends non-asset routes to `/` is not copied into `_redirects`.
+- Cloudflare Pages already provides SPA fallback for projects without a top-level `404.html`, which matches the current app output.
+
+### `apps/explorer`
+
+Vercel source of truth:
+- `apps/explorer/vercel.json`
+
+Cloudflare Pages equivalent:
+- No repo file is required for the current rewrite behavior.
+
+Notes:
+- The Vercel rewrite from `/(.*)` to `/index.html` is intentionally not translated to `_redirects`.
+- Cloudflare Pages SPA fallback covers this app as long as the build output does not introduce a top-level `404.html`.
+
+## Cloudflare Pages UI or API settings
+
+These settings do not have an equivalent static file in this repo for the current setup and must be configured per Pages project:
+- Git repository connection
+- Production branch
+- Preview branch controls
+- Root directory
+- Build command
+- Build output directory
+- Environment variables
+- Secrets
+- Custom domains
+- Branch-to-domain mappings, if used
+
+Recommended project settings:
+
+### `cowswap`
+- Root directory: repository root
+- Build command: `pnpm run install:ci && pnpm run build:cowswap`
+- Build output directory: `build/cowswap`
+- Build variable: `SKIP_DEPENDENCY_INSTALL=1`
+- Secret: `SENTRY_AUTH_TOKEN` for build-time sourcemap upload
+- Optional overrides:
+  - `SENTRY_ORG=cowprotocol`
+  - `SENTRY_PROJECT=frontend`
+  - These are already the repo defaults and only need to be set if you want to override them.
+
+### `explorer`
+- Root directory: repository root
+- Build command: `pnpm run install:ci && pnpm run build:explorer`
+- Build output directory: `build/explorer`
+- Build variable: `SKIP_DEPENDENCY_INSTALL=1`
+
+## No exact Cloudflare Pages file alternative
+
+### `cowswap` Vercel regex redirect
+
+Current Vercel behavior:
+- `source: /((?!#|.*[\\w\\d\\.-]\\.\\w{2,15}$).+)`
+- `destination: /`
+
+Why it is not translated:
+- Cloudflare Pages `_redirects` does not support the same regex semantics.
+- Using a broad `_redirects` rule here would be a behavior change because Pages redirect rules run before header matching and static asset resolution logic differs from the Vercel config.
+
+Fallback used instead:
+- Native Cloudflare Pages SPA serving.
+
+## Validation checklist
+
+- `apps/cowswap-frontend/public/_headers` is copied into `build/cowswap/_headers`.
+- `build/cowswap` and `build/explorer` do not contain a top-level `404.html`.
+- Deep links for both apps resolve correctly on Pages preview deployments.
+- `cowswap` document responses include the migrated security headers.

package.json

@@ -23,7 +23,7 @@
     "start:sdk-tools": "nx run sdk-tools:serve",
     "build": "pnpm run build:cowswap",
     "build:all": "nx run-many -t build --no-cloud",
-    "build:cowswap": "cross-env NODE_ENV=production nx build cowswap-frontend --no-cloud",
+    "build:cowswap": "cross-env NODE_ENV=production NODE_OPTIONS=--max-old-space-size=8192 nx build cowswap-frontend --no-cloud",
     "build:explorer": "nx build explorer --no-cloud",
     "build:widget": "nx build widget-configurator --no-cloud",
     "build:cowfi": "nx build cow-fi --no-cloud && pnpm run postbuild:cowfi",