Release Notes

1) SEO: Missing Meta Description

• Problem

• Lighthouse flagged: “Document does not have a meta description.”

• Impact: Lower SEO clarity and poorer SERP snippet quality.

• Root Cause

• The document's head lacked a meta description.

• Fix Implemented

• Added a concise, descriptive meta description to the document head that reflects the app’s purpose and key actions for users.

• Result

• Lighthouse SEO audit passes for meta description.

• Improved search snippet relevance.

Before:

After:

2) Accessibility: Links Without Discernible Names

• Problem

• Lighthouse/axe reported: “Links do not have a discernible name.”

• Impact: Screen readers and assistive technologies cannot interpret link purpose, harming accessibility and usability.

• Root Cause

• Logo-only navigation links wrapped in Link components lacked text alternatives or ARIA labels.

• Fix Implemented

• Added clear aria-label attributes to logo-only links on sign-in, sign-up, and verify-email pages so each link exposes an accessible name (e.g., “ChainCrib home” or “Go to sign in”).

Before:

After:

3) Performance: First Contentful Paint (FCP), Largest Contentful Paint (LCP), Speed Index

• Problems

• Slower FCP/LCP/Speed Index caused by larger initial JS and render-blocking resources.

• Root Causes

• All routes are loaded eagerly on initial render.

• External resources (fonts, third-party SDKs) impacted initial load.

• Fixes Implemented

• Route-based code splitting: Converted all page routes to lazy-loaded components with Suspense, reducing the initial JS bundle and allowing the browser to paint faster.

• Deferred third-party SDK initialization: Moved wallet/SSO initialization to occur upon user interaction rather than page load, reducing main-thread work at TTI/FCP.

• Fonts optimizations: Preconnected to Google Fonts and enabled non-blocking font loading behaviors; reduced weights in use to minimize CSS block time.

• Caching: Added long-lived cache headers for static assets to accelerate repeat visits.

• Results

• Lower initial JS cost and decreased blocking work at startup help improve FCP and Speed Index.

• Reduced third-party initialization cost before first paint.

Before:

After:

4) Best Practices: Content Security Policy (CSP) and Third-Party Cookies

• Problems

• The Issues panel flagged third-party cookies usage and CSP violations.

• CSP blocked initially required resources (e.g., fonts and API requests) and raised eval warnings.

• Root Causes

• CSP was set in a meta tag rather than via headers; not all origins required by the app were allowed.

• Some dependencies (including WASM/crypto flows) rely on eval-like behavior.

• Missing allowed origin for the backend API, resulting in requests being blocked.

• Third-party integrations are initialized on page load.

• Fixes Implemented

• Moved CSP to HTTP response headers and iteratively refined directives:

• Allowed required origins for frames, fonts, styles, and API connections (Google Fonts, wallet/SSO endpoints, app backend).

• Added allowances for WebAssembly evaluation where necessary, balancing them with scoped or temporary relaxations.

• Deferred third-party SDK initialization until user interaction to reduce third-party cookie usage on initial load and lower the risk surface.

• Added report-ready guidance to narrow relaxations in production once the exact dependency is identified (optionally via report-only CSP).

• Results

• CSP is now enforced via headers, aligned with current integrations and endpoints.

• Third-party cookie usage is reduced on initial load; CSP warnings are minimized while maintaining functionality.