
Secure Site - Update CSP

Open Sam-Newman opened this issue 1 year ago • 0 comments

  • Remove http://localhost:* from frame-ancestors to ensure that only secure (HTTPS) origins are allowed.
  • Introduce a script-src directive that specifies secure, trusted sources for scripts, which could include hashes, nonces, or specific trusted domains.
  • Add an object-src directive and set it to 'none' to prevent the loading of potentially harmful plugins.

These modifications will significantly enhance the application’s security posture against common web-based attacks, such as XSS and plugin injections.

Sam-Newman, Feb 19 '24 10:02
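The three changes requested in the issue above can be checked mechanically against a policy string. The following is an added example, not code from the issue or from the project; `parseCsp`, `auditCsp` and both sample policies (including the `app.example` origin and the nonce placeholder) are constructed for illustration.

```javascript
// Added example: audit a CSP header for the three points raised in this issue.
// The sample policies below are constructed, not the project's real header.

// Parse a policy into Map<directive, sources[]>. Directive names are
// case-insensitive and a repeated directive is ignored after its first use.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function auditCsp(header) {
  const d = parseCsp(header);
  const findings = [];

  // frame-ancestors does not fall back to default-src, so check it directly.
  const insecure = (d.get('frame-ancestors') || []).filter((s) => /^http:/i.test(s));
  if (insecure.length) {
    findings.push(`frame-ancestors allows non-HTTPS: ${insecure.join(' ')}`);
  }

  // script-src and object-src fall back to default-src when absent.
  const fallback = d.get('default-src');
  if (!(d.get('script-src') || fallback)) {
    findings.push('no script-src (or default-src) restricts scripts');
  }

  const objectSrc = d.get('object-src') || fallback || [];
  const isNone = objectSrc.length === 1 && objectSrc[0].toLowerCase() === "'none'";
  if (!isNone) findings.push("object-src is not 'none'");

  return findings;
}

// Constructed "before" and "after" policies matching the issue's three bullets.
const before = "frame-ancestors https://app.example http://localhost:*";
const after =
  "frame-ancestors https://app.example; script-src 'self' 'nonce-PLACEHOLDER'; object-src 'none'";
console.log(auditCsp(before)); // three findings
console.log(auditCsp(after));  // no findings
```

A check like this fits in CI against the header the deployed site actually returns, so a reintroduced `http://localhost:*` entry fails the build.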