Skip to content

Instantly share code, notes, and snippets.

@matiu

matiu/csp.md

Created November 29, 2018 14:56
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save matiu/644a51bccaa43bb972e7dd1ad077876e to your computer and use it in GitHub Desktop.
Save matiu/644a51bccaa43bb972e7dd1ad077876e to your computer and use it in GitHub Desktop.
Download ZIP
Copay and Bitpay Wallet Network Restrictions
Raw
csp.md

To prevent unautorized network access, Copay and Bitpay Wallet v5.3.0 and above use the following Content Security Policy (CSP)

  <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' https://bws.bitpay.com
  https://bitpay.com https://auth.shapeshift.io https://shapeshift.io https://api.coinbase.com https://coinbase.com; 
  img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:">

This restrict network connections to the listed hosts only. As a consecuence, accessing self-hosted Bitcore Wallet Service (BWS) hosts will not be allowed. If you are using a self-hosted BWS you need to build the app yourself from source and modify that above line (at app-template/index-template.html) to match your host.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment