fix(docs): add a content security policy configuration section

Keeper-Wallet · Jun 30, 2023 · f36f997 · f36f997
1 parent ba0ba1a
commit f36f997
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -22,6 +22,19 @@ or yarn
 yarn add @waves/signer @keeper-wallet/provider-keeper-mobile
 ```
 
+## Content Security Policy
+
+If your dapp uses a CSP enabled server setup, you need to append Wallet Connect
+endpoints for the following directives:
+
+```
+connect-src  wss://relay.walletconnect.com https://registry.walletconnect.com;
+frame-src  https://verify.walletconnect.com;
+```
+
+For more information and common use cases for CSP, see the
+[MDN CSP documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).
+
 ## Usage
 
 - #### Provider with app metadata
@@ -106,3 +119,5 @@ const [invoke] = await signer
 ```
 
 For more examples see [Signer documentation](https://github.com/wavesplatform/signer/blob/master/README.md).
+
+default-src 'self' https://waves.exchange https://testnet.waves.exchange https://nodes-testnet.wavesnodes.com https://nodes.wavesnodes.com https://marketdata.wavesplatform.com https://swap-widget.keeper-wallet.app;img-src 'self' data: https:;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com https://fonts.intercomcdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://vk.com https://connect.facebook.net https://mc.yandex.ru https://code.jquery.com https://google.com https://www.google.com https://www.gstatic.com https://swap-widget.keeper-wallet.app https://www.youtube.com https://marketdata.wavesplatform.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com;connect-src 'self' https://mc.yandex.ru https://www.facebook.com https://vk.com https://www.google-analytics.com https://google.com https://www.googletagmanager.com https://www.gstatic.com https://marketdata.wavesplatform.com https://www.youtube.com wss://relay.walletconnect.com https://api.rss2json.com https://waves.exchange https://testnet.waves.exchange https://nodes-testnet.wavesnodes.com https://nodes.wavesnodes.com https://swap-widget.keeper-wallet.app https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://registry.walletconnect.com/api/v2/wallets;form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io ;media-src https://js.intercomcdn.com;frame-src 'self' https://www.youtube.com https://youtube.com https://www.google.com https://swap-widget.keeper-wallet.app https://waves.exchange/ https://verify.walletconnect.com/;script-src-attr 'self' 'unsafe-inline';base-uri 'self';block-all-mixed-content;frame-ancestors 'self';object-src 'none';upgrade-insecure-requests