From 285b952e284d94c442503146d6ee5efaf4018db0 Mon Sep 17 00:00:00 2001
From: nodirbek75 <nodirbek7077@gmail.com>
Date: Mon, 22 Jun 2026 18:59:18 +0500
Subject: [PATCH 1/3] fix selfie step on the bridge kyc flow not showing the
 overlay with informative texts

---
 .../topup-cashout-flow/BridgeKycWebView.tsx        | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/app/screens/topup-cashout-flow/BridgeKycWebView.tsx b/app/screens/topup-cashout-flow/BridgeKycWebView.tsx
index dff28ea63..9a44a3490 100644
--- a/app/screens/topup-cashout-flow/BridgeKycWebView.tsx
+++ b/app/screens/topup-cashout-flow/BridgeKycWebView.tsx
@@ -78,14 +78,15 @@ const TOS_INJECTED_JS = `(function() {
 
 // iOS zoom prevention: force 16px font on inputs, disable text-size-adjust,
 // and use MutationObserver for dynamically added inputs.
+// Note: Removed touch-action manipulation to allow camera auto-capture to work properly
 const KYC_ZOOM_PREVENTION_JS = `(function(){
   document.querySelectorAll('meta[name="viewport"]').forEach(m=>m.remove());
   var meta=document.createElement('meta');
   meta.name='viewport';
-  meta.content='width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no';
+  meta.content='width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=5, user-scalable=yes';
   document.head.insertBefore(meta,document.head.firstChild);
   var style=document.createElement('style');
-  style.innerHTML='input,textarea,select{font-size:16px!important}*{-webkit-text-size-adjust:100%!important;touch-action:manipulation!important}';
+  style.innerHTML='input,textarea,select{font-size:16px!important}*{-webkit-text-size-adjust:100%!important}';
   document.head.appendChild(style);
   var preventZoom=function(e){if(e.target&&(e.target.tagName==='INPUT'||e.target.tagName==='TEXTAREA')){e.target.style.fontSize='16px';e.target.style.transform='none'}};
   document.addEventListener('focusin',preventZoom,true);
@@ -95,7 +96,8 @@ const KYC_ZOOM_PREVENTION_JS = `(function(){
   true})();`
 
 // Viewport meta injection before content loads to prevent initial zoom.
-const VIEWPORT_INJECTION_JS = `(function(){const forceViewport=()=>{const content='width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no';document.querySelectorAll('meta[name="viewport"]').forEach(m=>m.remove());const meta=document.createElement('meta');meta.name='viewport';meta.content=content;if(document.head){document.head.insertBefore(meta,document.head.firstChild)}else{document.documentElement.appendChild(meta)}};forceViewport();document.addEventListener('DOMContentLoaded',forceViewport);window.addEventListener('load',forceViewport);if(document.documentElement){document.documentElement.style.touchAction='pan-x pan-y'}true})();`
+// Updated to allow scaling and removed restrictive touch-action for camera functionality
+const VIEWPORT_INJECTION_JS = `(function(){const forceViewport=()=>{const content='width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=5, user-scalable=yes';document.querySelectorAll('meta[name="viewport"]').forEach(m=>m.remove());const meta=document.createElement('meta');meta.name='viewport';meta.content=content;if(document.head){document.head.insertBefore(meta,document.head.firstChild)}else{document.documentElement.appendChild(meta)}};forceViewport();document.addEventListener('DOMContentLoaded',forceViewport);window.addEventListener('load',forceViewport);true})();`
 
 const BridgeKycWebView: React.FC<Props> = ({ navigation, route }) => {
   const styles = useStyles()
@@ -220,8 +222,14 @@ const BridgeKycWebView: React.FC<Props> = ({ navigation, route }) => {
           startInLoadingState
           scalesPageToFit={false}
           bounces={false}
+          scrollEnabled
           sharedCookiesEnabled
           thirdPartyCookiesEnabled
+          allowsInlineMediaPlayback
+          mediaPlaybackRequiresUserAction={false}
+          allowsFullscreenVideo={false}
+          automaticallyAdjustContentInsets={false}
+          contentInsetAdjustmentBehavior="never"
           onShouldStartLoadWithRequest={(request) => {
             // During ToS step, open terms/privacy links in external browser
             if (currentStep === "tos" && request.url !== tosLink) {

From 8175d40a67d5dda33405adefbe23dbf7ba845eba Mon Sep 17 00:00:00 2001
From: nodirbek75 <nodirbek7077@gmail.com>
Date: Mon, 22 Jun 2026 18:59:59 +0500
Subject: [PATCH 2/3] fix term of services and privacy policy links not opening
 on the external browser

---
 app/screens/topup-cashout-flow/BridgeKycWebView.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/screens/topup-cashout-flow/BridgeKycWebView.tsx b/app/screens/topup-cashout-flow/BridgeKycWebView.tsx
index 9a44a3490..c30ffd170 100644
--- a/app/screens/topup-cashout-flow/BridgeKycWebView.tsx
+++ b/app/screens/topup-cashout-flow/BridgeKycWebView.tsx
@@ -234,7 +234,7 @@ const BridgeKycWebView: React.FC<Props> = ({ navigation, route }) => {
             // During ToS step, open terms/privacy links in external browser
             if (currentStep === "tos" && request.url !== tosLink) {
               const url = request.url.toLowerCase()
-              if (url.includes("www.bridge.xyz/legal")) {
+              if (url.includes("/legal")) {
                 Linking.openURL(request.url)
                 return false
               }

From 5f1c6499894393359ad0f0aa504980218b747c2b Mon Sep 17 00:00:00 2001
From: Dread <dread@example.com>
Date: Tue, 23 Jun 2026 10:53:07 -0700
Subject: [PATCH 3/3] fix(bridge-kyc): scope ToS legal-link external-open to
 bridge.xyz host

The ToS-step handler opened any URL containing '/legal' in the external
browser. Restrict it to bridge.xyz (and subdomains) + a /legal path so an
unrelated host can't be shelled out via Linking.openURL.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 app/screens/topup-cashout-flow/BridgeKycWebView.tsx | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/screens/topup-cashout-flow/BridgeKycWebView.tsx b/app/screens/topup-cashout-flow/BridgeKycWebView.tsx
index c30ffd170..6d438eca1 100644
--- a/app/screens/topup-cashout-flow/BridgeKycWebView.tsx
+++ b/app/screens/topup-cashout-flow/BridgeKycWebView.tsx
@@ -234,7 +234,12 @@ const BridgeKycWebView: React.FC<Props> = ({ navigation, route }) => {
             // During ToS step, open terms/privacy links in external browser
             if (currentStep === "tos" && request.url !== tosLink) {
               const url = request.url.toLowerCase()
-              if (url.includes("/legal")) {
+              // Only shell out for legal links on bridge.xyz (any subdomain) —
+              // not any URL that merely contains "/legal".
+              const isBridgeLegal =
+                /^https?:\/\/([a-z0-9.-]+\.)?bridge\.xyz\//.test(url) &&
+                url.includes("/legal")
+              if (isBridgeLegal) {
                 Linking.openURL(request.url)
                 return false
               }