fix(foxy-template-config-form): reorder csp sections

pheekus · pheekus · commit 1936a8db1a9e · 2025-05-13T14:33:34.000-03:00
diff --git a/src/elements/public/TemplateConfigForm/TemplateConfigForm.stories.ts b/src/elements/public/TemplateConfigForm/TemplateConfigForm.stories.ts
@@ -96,14 +96,14 @@ const summary: Summary = {
       'checkout-fields-group-three:custom-checkout-field-requirements-coupon-entry',
 
       'csp',
-      'csp-group-one',
-      'csp-group-one:csp-enable-csp',
-      'csp-group-one:csp-policy-enforce-reporting-endpoint',
-      'csp-group-one:csp-policy-enforce-script-src',
       'csp-group-two',
-      'csp-group-two:csp-enable-ro-csp',
-      'csp-group-two:csp-policy-report-reporting-endpoint',
-      'csp-group-two:csp-policy-report-script-src',
+      'csp-group-two:csp-enable-csp',
+      'csp-group-two:csp-policy-enforce-reporting-endpoint',
+      'csp-group-two:csp-policy-enforce-script-src',
+      'csp-group-one',
+      'csp-group-one:csp-enable-ro-csp',
+      'csp-group-one:csp-policy-report-reporting-endpoint',
+      'csp-group-one:csp-policy-report-script-src',
 
       'analytics-config',
       'analytics-config:analytics-config-usage',
diff --git a/src/elements/public/TemplateConfigForm/TemplateConfigForm.test.ts b/src/elements/public/TemplateConfigForm/TemplateConfigForm.test.ts
@@ -1100,7 +1100,7 @@ describe('TemplateConfigForm', () => {
     const layout = html`<foxy-template-config-form></foxy-template-config-form>`;
     const element = await fixture<Form>(layout);
     const control = element.renderRoot.querySelector<InternalSwitchControl>(
-      '[infer="csp"] [infer="csp-group-one"] foxy-internal-switch-control[infer="csp-enable-csp"]'
+      '[infer="csp"] [infer="csp-group-two"] foxy-internal-switch-control[infer="csp-enable-csp"]'
     );
 
     expect(control).to.exist;
@@ -1139,7 +1139,7 @@ describe('TemplateConfigForm', () => {
     await element.requestUpdate();
 
     const control = element.renderRoot.querySelector(
-      '[infer="csp"] [infer="csp-group-one"] foxy-internal-text-control[infer="csp-policy-enforce-reporting-endpoint"]'
+      '[infer="csp"] [infer="csp-group-two"] foxy-internal-text-control[infer="csp-policy-enforce-reporting-endpoint"]'
     );
 
     expect(control).to.exist;
@@ -1159,7 +1159,7 @@ describe('TemplateConfigForm', () => {
     await element.requestUpdate();
 
     const control = element.renderRoot.querySelector(
-      '[infer="csp"] [infer="csp-group-one"] foxy-internal-editable-list-control[infer="csp-policy-enforce-script-src"]'
+      '[infer="csp"] [infer="csp-group-two"] foxy-internal-editable-list-control[infer="csp-policy-enforce-script-src"]'
     );
 
     expect(control).to.exist;
@@ -1174,7 +1174,7 @@ describe('TemplateConfigForm', () => {
     const layout = html`<foxy-template-config-form></foxy-template-config-form>`;
     const element = await fixture<Form>(layout);
     const control = element.renderRoot.querySelector<InternalSwitchControl>(
-      '[infer="csp"] [infer="csp-group-two"] foxy-internal-switch-control[infer="csp-enable-ro-csp"]'
+      '[infer="csp"] [infer="csp-group-one"] foxy-internal-switch-control[infer="csp-enable-ro-csp"]'
     );
 
     expect(control).to.exist;
@@ -1213,7 +1213,7 @@ describe('TemplateConfigForm', () => {
     await element.requestUpdate();
 
     const control = element.renderRoot.querySelector(
-      '[infer="csp"] [infer="csp-group-two"] foxy-internal-text-control[infer="csp-policy-report-reporting-endpoint"]'
+      '[infer="csp"] [infer="csp-group-one"] foxy-internal-text-control[infer="csp-policy-report-reporting-endpoint"]'
     );
 
     expect(control).to.exist;
@@ -1233,7 +1233,7 @@ describe('TemplateConfigForm', () => {
     await element.requestUpdate();
 
     const control = element.renderRoot.querySelector(
-      '[infer="csp"] [infer="csp-group-two"] foxy-internal-editable-list-control[infer="csp-policy-report-script-src"]'
+      '[infer="csp"] [infer="csp-group-one"] foxy-internal-editable-list-control[infer="csp-policy-report-script-src"]'
     );
 
     expect(control).to.exist;
diff --git a/src/elements/public/TemplateConfigForm/TemplateConfigForm.ts b/src/elements/public/TemplateConfigForm/TemplateConfigForm.ts
@@ -706,45 +706,45 @@ export class TemplateConfigForm extends Base<Data> {
             json-template=${this.__defaultJSON}
             json-path="csp.usage"
             property="json"
-            infer="csp-enable-csp"
-            .getValue=${this.__cspUsageGetValue}
-            .setValue=${this.__cspUsageSetValue}
+            infer="csp-enable-ro-csp"
+            .getValue=${this.__cspRoUsageGetValue}
+            .setValue=${this.__cspRoUsageSetValue}
           >
           </foxy-internal-switch-control>
 
-          ${formCspUsage === 'enforce' || formCspUsage === 'both'
+          ${formCspUsage === 'report' || formCspUsage === 'both'
             ? html`
                 <foxy-internal-text-control
                   json-template=${this.__defaultJSON}
-                  json-path="csp.policy_enforce.reporting_endpoint"
+                  json-path="csp.policy_report.reporting_endpoint"
                   property="json"
                   layout="summary-item"
-                  infer="csp-policy-enforce-reporting-endpoint"
+                  infer="csp-policy-report-reporting-endpoint"
                 >
                 </foxy-internal-text-control>
 
                 <foxy-internal-editable-list-control
                   json-template=${this.__defaultJSON}
-                  json-path="csp.policy_enforce.script_src"
+                  json-path="csp.policy_report.script_src"
                   property="json"
                   layout="summary-item"
-                  infer="csp-policy-enforce-script-src"
+                  infer="csp-policy-report-script-src"
                   simple-value
                 >
                 </foxy-internal-editable-list-control>
 
-                ${dataCspUsage === 'none' || dataCspUsage === 'report'
+                ${dataCspUsage === 'none' || dataCspUsage === 'enforce'
                   ? html`
                       <div
-                        class="flex items-start bg-error-10"
+                        class="flex items-start bg-primary-10"
                         style="gap: calc(0.625em + (var(--lumo-border-radius) / 4) - 1px)"
                       >
-                        ${svg`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true" class="flex-shrink-0 text-error" style="width: 1.25em"><path fill-rule="evenodd" d="M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495ZM10 5a.75.75 0 0 1 .75.75v3.5a.75.75 0 0 1-1.5 0v-3.5A.75.75 0 0 1 10 5Zm0 9a1 1 0 1 0 0-2 1 1 0 0 0 0 2Z" clip-rule="evenodd" /></svg>`}
+                        ${svg`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" class="flex-shrink-0 text-primary" style="width: 1.25em"><path fill-rule="evenodd" d="M18 10a8 8 0 1 1-16 0 8 8 0 0 1 16 0Zm-7-4a1 1 0 1 1-2 0 1 1 0 0 1 2 0ZM9 9a.75.75 0 0 0 0 1.5h.253a.25.25 0 0 1 .244.304l-.459 2.066A1.75 1.75 0 0 0 10.747 15H11a.75.75 0 0 0 0-1.5h-.253a.25.25 0 0 1-.244-.304l.459-2.066A1.75 1.75 0 0 0 9.253 9H9Z" clip-rule="evenodd" /></svg>`}
                         <p>
                           <foxy-i18n infer="" key="warning"></foxy-i18n>
                           <a
                             target="_blank"
-                            class="inline-block rounded font-medium text-error transition-colors cursor-pointer hover-opacity-80 focus-outline-none focus-ring-2 focus-ring-error-50"
+                            class="inline-block rounded font-medium text-primary transition-colors cursor-pointer hover-opacity-80 focus-outline-none focus-ring-2 focus-ring-primary-50"
                             href="https://wiki.foxycart.com/v/2.0/content_security_policy"
                           >
                             wiki.foxycart.com
@@ -762,45 +762,45 @@ export class TemplateConfigForm extends Base<Data> {
             json-template=${this.__defaultJSON}
             json-path="csp.usage"
             property="json"
-            infer="csp-enable-ro-csp"
-            .getValue=${this.__cspRoUsageGetValue}
-            .setValue=${this.__cspRoUsageSetValue}
+            infer="csp-enable-csp"
+            .getValue=${this.__cspUsageGetValue}
+            .setValue=${this.__cspUsageSetValue}
           >
           </foxy-internal-switch-control>
 
-          ${formCspUsage === 'report' || formCspUsage === 'both'
+          ${formCspUsage === 'enforce' || formCspUsage === 'both'
             ? html`
                 <foxy-internal-text-control
                   json-template=${this.__defaultJSON}
-                  json-path="csp.policy_report.reporting_endpoint"
+                  json-path="csp.policy_enforce.reporting_endpoint"
                   property="json"
                   layout="summary-item"
-                  infer="csp-policy-report-reporting-endpoint"
+                  infer="csp-policy-enforce-reporting-endpoint"
                 >
                 </foxy-internal-text-control>
 
                 <foxy-internal-editable-list-control
                   json-template=${this.__defaultJSON}
-                  json-path="csp.policy_report.script_src"
+                  json-path="csp.policy_enforce.script_src"
                   property="json"
                   layout="summary-item"
-                  infer="csp-policy-report-script-src"
+                  infer="csp-policy-enforce-script-src"
                   simple-value
                 >
                 </foxy-internal-editable-list-control>
 
-                ${dataCspUsage === 'none' || dataCspUsage === 'enforce'
+                ${dataCspUsage === 'none' || dataCspUsage === 'report'
                   ? html`
                       <div
-                        class="flex items-start bg-primary-10"
+                        class="flex items-start bg-error-10"
                         style="gap: calc(0.625em + (var(--lumo-border-radius) / 4) - 1px)"
                       >
-                        ${svg`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" class="flex-shrink-0 text-primary" style="width: 1.25em"><path fill-rule="evenodd" d="M18 10a8 8 0 1 1-16 0 8 8 0 0 1 16 0Zm-7-4a1 1 0 1 1-2 0 1 1 0 0 1 2 0ZM9 9a.75.75 0 0 0 0 1.5h.253a.25.25 0 0 1 .244.304l-.459 2.066A1.75 1.75 0 0 0 10.747 15H11a.75.75 0 0 0 0-1.5h-.253a.25.25 0 0 1-.244-.304l.459-2.066A1.75 1.75 0 0 0 9.253 9H9Z" clip-rule="evenodd" /></svg>`}
+                        ${svg`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true" class="flex-shrink-0 text-error" style="width: 1.25em"><path fill-rule="evenodd" d="M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495ZM10 5a.75.75 0 0 1 .75.75v3.5a.75.75 0 0 1-1.5 0v-3.5A.75.75 0 0 1 10 5Zm0 9a1 1 0 1 0 0-2 1 1 0 0 0 0 2Z" clip-rule="evenodd" /></svg>`}
                         <p>
                           <foxy-i18n infer="" key="warning"></foxy-i18n>
                           <a
                             target="_blank"
-                            class="inline-block rounded font-medium text-primary transition-colors cursor-pointer hover-opacity-80 focus-outline-none focus-ring-2 focus-ring-primary-50"
+                            class="inline-block rounded font-medium text-error transition-colors cursor-pointer hover-opacity-80 focus-outline-none focus-ring-2 focus-ring-error-50"
                             href="https://wiki.foxycart.com/v/2.0/content_security_policy"
                           >
                             wiki.foxycart.com
diff --git a/src/static/translations/template-config-form/en.json b/src/static/translations/template-config-form/en.json
@@ -417,20 +417,20 @@
     "csp-group-one": {
       "label": "",
       "helper_text": "",
-      "warning": "This is security-related functionality that, when enabled, can stop custom scripts from loading on your checkout. Ensure you include any domains as custom script sources above, and review the documentation for this functionality:",
-      "csp-enable-csp": {
-        "label": "Enable Content Security Policy",
-        "helper_text": "Protects your checkout page by blocking remote content that isn’t explicitly allowed. Scripts and assets loaded by Foxy (including payment gateways and analytics) are always allowed, regardless of the settings below.",
+      "warning": "Please review the documentation for this functionality to ensure you understand potential impacts:",
+      "csp-enable-ro-csp": {
+        "label": "Enable Report-Only Content Security Policy",
+        "helper_text": "Test your policy without blocking content. This mode logs violations of the rules below, but still allows the content to load. As with enforced mode, Foxy-managed content (e.g., gateways, analytics) is always allowed and excluded from reporting.",
         "checked": "Yes",
         "unchecked": "No"
       },
-      "csp-policy-enforce-script-src": {
+      "csp-policy-report-script-src": {
         "label": "Custom script sources",
         "placeholder": "example.com, *.example.com",
         "helper_text": "",
         "v8n_too_long": "Domain names must not exceed 1000 characters."
       },
-      "csp-policy-enforce-reporting-endpoint": {
+      "csp-policy-report-reporting-endpoint": {
         "label": "Reporting URL",
         "helper_text": "",
         "placeholder": "Optional",
@@ -440,20 +440,20 @@
     "csp-group-two": {
       "label": "",
       "helper_text": "",
-      "warning": "Please review the documentation for this functionality to ensure you understand potential impacts:",
-      "csp-enable-ro-csp": {
-        "label": "Enable Report-Only Content Security Policy",
-        "helper_text": "Test your policy without blocking content. This mode logs violations of the rules below, but still allows the content to load. As with enforced mode, Foxy-managed content (e.g., gateways, analytics) is always allowed and excluded from reporting.",
+      "warning": "This is security-related functionality that, when enabled, can stop custom scripts from loading on your checkout. Ensure you include any domains as custom script sources above, and review the documentation for this functionality:",
+      "csp-enable-csp": {
+        "label": "Enable Content Security Policy",
+        "helper_text": "Protects your checkout page by blocking remote content that isn’t explicitly allowed. Scripts and assets loaded by Foxy (including payment gateways and analytics) are always allowed, regardless of the settings below.",
         "checked": "Yes",
         "unchecked": "No"
       },
-      "csp-policy-report-script-src": {
+      "csp-policy-enforce-script-src": {
         "label": "Custom script sources",
         "placeholder": "example.com, *.example.com",
         "helper_text": "",
         "v8n_too_long": "Domain names must not exceed 1000 characters."
       },
-      "csp-policy-report-reporting-endpoint": {
+      "csp-policy-enforce-reporting-endpoint": {
         "label": "Reporting URL",
         "helper_text": "",
         "placeholder": "Optional",
