What permissions are required by web3auth to run if you are using CSP to secure your site?
Steps to reproduce the behavior:
- Integrate web3auth
- Enable CSP on your web server for example using helmet.contentSecurityPolicy
- web3auth will fail to run
Would be great to have all CSP settings listed in a block so we can just copy paste:
{
scriptSrc: ["web3auth scripts"],
frameSrc: ["if script use frames"],
styleSrc:
imgSrc:
mediaSrc:
}
Originally posted by: lida-spaceport
Check the discussion at: https://github.com/orgs/Web3Auth/discussions/1227