magic-js: violates the following Content Security Policy directive when i use a Web Socket "Custom Nodes" option
β Prerequisites
const customNodeOptions = { rpcUrl: βwss://rpc-mainnet.maticvigil.com/wsβ, chainId: 137 }
π Description
Refused to connect to βwss://rpc-mainnet.maticvigil.com/wsβ because it violates the following Content Security Policy directive: "connect-src βselfβ https://.magic.link/ https://.fortmatic.com/ https://.alchemyapi.io/ wss://.ws.alchemyapi.io/ https://.infura.io/ https://.xdai.quiknode.pro β¦
𧩠Steps to Reproduce
Subscribe to an event with the web3 magic provider configured as above.
π Environment
| Software | Version(s) |
|---|---|
magic-sdk |
βmagic-sdkβ: β^4.2.1β |
The doc does not describe any restriction on WS RPC https://docs.magic.link/blockchains/ethereum#configure-custom-nodes
But it seems you need whitelists one or more of this βofficialβ web socket RPC provider
wss://rpc-mainnet.maticvigil.com/ws or wss://rpc-mainnet.matic.quiknode.pro or wss://ws-matic-mainnet.chainstacklabs.com or wss://matic-mainnet-full-ws.bwarelabs.com or wss://matic-mainnet-archive-ws.bwarelabs.comor wss://ws-mainnet.matic.network
Thank you
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 9
- Comments: 17 (10 by maintainers)
At the time being, testing with a private chain infrastructure is not possible. However, we are looking at options internally that would remove this security requirement by emitting request to the node from our backend instead of client-side. Will keep you posted on the progress.
@Genzan When your team is ready with a domain, go to https://magic.link and click the chat bubble at the bottom-right corner. You can communicate with our support team there!
Looks like this new error is related to our CORS setup, will forward this to our infrastructure team and have them take a look.
@vincentlg Those URLs listed have been added