Some Safe apps cannot be loaded in the desktop app

[mmv08]

Description

Some safe apps use HTTP headers such as Content-Security-Policy to let the website being loaded as an iframe for specific websites. This strategy works well for the interface hosted on gnosis-safe.io but doesn't for the desktop app.

We also got a request for easy detection if the app is loaded as a safe app that doesn't require loading the SDK - in the web version, one can use desktop.referrer, but not on the desktop. It could be done with the query params.

Affected apps:
Zerion, 1inch, furucombo

Environment

Latest desktop app

Steps to reproduce

1. Try to load Zerion safe app in the desktop app

Expected result

To be evaluated by the team

Obtained result

The app doesn't load

[mmv08]

Some safe apps use HTTP headers such as X-Frame-Ancestors to let the website being loaded as an iframe for specific websites. This strategy works well for the interface hosted on gnosis-safe.io but doesn't for the desktop app.

To fix this I suggest letting the desktop app know about such apps so it can hide them, and introducing a new boolean flag on the backend: restrictsAccessBySource

[JagoFigueroa]

Hola guys! Unfortunately I am having a few issues when testing this PR with this build of the app that @dasanra created for me: https://github.com/gnosis/safe-react/actions/runs/1693347662

I can still see the Zerion app in the list of apps and a few others that do not open and I think should be hidden as well after this fix (I checked on mainnet):

-DODO
-1inch Network (mainnet)
-furucombo
-StakeWise
-WrappedPunks
-yearnFinance

Also apps like Uniswap, sushi or other token swapping apps in general do not seem to fetch the safe asset balance making them pretty much useless (although this looks like something to tackle in a separate ticket).