Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

violates the following Content Security Policy directive when i use a Web Socket "Custom Nodes" option

See original GitHub issue

✅ Prerequisites

const customNodeOptions = { rpcUrl: ‘wss://rpc-mainnet.maticvigil.com/ws’, chainId: 137 }

🐛 Description

Refused to connect to ‘wss://rpc-mainnet.maticvigil.com/ws’ because it violates the following Content Security Policy directive: "connect-src ‘self’ https://.magic.link/ https://.fortmatic.com/ https://.alchemyapi.io/ wss://.ws.alchemyapi.io/ https://.infura.io/ https://.xdai.quiknode.pro …

🧩 Steps to Reproduce

Subscribe to an event with the web3 magic provider configured as above.

🌎 Environment

Software	Version(s)
`magic-sdk`	“magic-sdk”: “^4.2.1”

The doc does not describe any restriction on WS RPC https://docs.magic.link/blockchains/ethereum#configure-custom-nodes

But it seems you need whitelists one or more of this “official” web socket RPC provider

wss://rpc-mainnet.maticvigil.com/ws or wss://rpc-mainnet.matic.quiknode.pro or wss://ws-matic-mainnet.chainstacklabs.com or wss://matic-mainnet-full-ws.bwarelabs.com or wss://matic-mainnet-archive-ws.bwarelabs.comor wss://ws-mainnet.matic.network

Thank you

Issue Analytics

State:
Created 2 years ago
Reactions:9
Comments:17 (10 by maintainers)

Top GitHub Comments

1reaction

smithkicommented, May 3, 2021

Hi already tried to talk via chat and email but they told me they were unable because of guidance of your security team

Any suggestions so we can advance in testing a Private Network Blockchain using MagicLink?

At the time being, testing with a private chain infrastructure is not possible. However, we are looking at options internally that would remove this security requirement by emitting request to the node from our backend instead of client-side. Will keep you posted on the progress.

1reaction

smithkicommented, Apr 28, 2021

@Genzan When your team is ready with a domain, go to https://magic.link and click the chat bubble at the bottom-right corner. You can communicate with our support team there!

Top Results From Across the Web

How to fix 'because it violates the following content security ...

'because it violates the following content security policy directive' is a browser error message that occurs when Content Security Policy is blocking a ......

node.js - correct content security policy for socket.io (web ...

I am using helmet module for generation of CSP; the following is the code that sets up CSP: securitySetup = function(app) { var...

CSP: connect-src - HTTP - MDN Web Docs - Mozilla

The HTTP Content-Security-Policy (CSP) connect-src directive restricts the URLs which can be loaded using script interfaces.

.NET 6 Hot Reload and "Refused to connect to ws: because it ...

NET 6 Hot Reload and "Refused to connect to ws: because it violates the Content Security Policy directive" because Web Sockets.

Content security policy - web.dev

Use allowlists to tell the client what's allowed and what isn't. Learn what directives are available. Learn the keywords they take. Inline code ......