Current Behavior The app crashes with CORS error when I try to con

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Hey <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url=

Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-u

CORS issue with Ledger about web3-onboard HOT 6 OPEN

charlie-kim commented on June 22, 2024 1

CORS issue with Ledger

from web3-onboard.

Comments (6)

charlie-kim commented on June 22, 2024

@Adamj1232 @aaronbarnardsound @leightkt can you please help with this issue?

from web3-onboard.

hnbt commented on June 22, 2024

@Adamj1232 @aaronbarnardsound @leightkt @charlie-kim Wondering if theres been an update. We're seeing this exact error too.

from web3-onboard.

Adamj1232 commented on June 22, 2024

@charlie-kim I am unable to reproduce with our examples. Can you try removing a couple of the init options down to only the projectId as seen here https://github.com/blocknative/react-demo/blob/66f1f388c0af2eafcb37d4e47e3b0c9bf3c297b2/src/services.js#L105 this is also deployed at https://reactdemo.blocknative.com/ if you would like to test there.
Is your Allow Domains on the cloud.walletconnect setting using a full path and no *s?

from web3-onboard.

charlie-kim commented on June 22, 2024

@Adamj1232 I am not sure how you were able to run with just projectId option. I am getting typescript error below with projectId only.

Argument of type '{ projectId: string; }' is not assignable to parameter of type 'LedgerOptions | undefined'.
  Property 'walletConnectVersion' is missing in type '{ projectId: string; }' but required in type 'LedgerOptionsWCv2'.ts(2345)

Allowed Domains for walletconnect project is set using * as below. I am not sure that's the problem though.
https://.raincards.xyz
https://.api.live.ledger.com

Also, I talked to ledger support. They have no idea what https://proxyseg.api.live.ledger.com//v1/projects URL is and why web3-onboard is making request to it. Do you know?

from web3-onboard.

Wozacosta commented on June 22, 2024

Hey @charlie-kim @Adamj1232 @hnbt,

The call to 'https://proxyseg.api.live.ledger.com//v1/projects/XXX/settings' was made by the ledger-connect-kit and was used by the segment library in there to route analytics data.

It was documented here

In the latest version of this connect-kit (starting at 1.1.11), the whole analytics part of the package was removed to remove potential attack vectors. It thus removes the need to setup any CSP, and should fix those CORS issues.

Note that for security reasons, the connect-kit-loader is now deprecated and only loads the connect-kit version 1.1.8.

To that end, I've opened a PR that uses the latest (1.1.12) connect-kit directly from the package manager and removes the use of the connect-kit-loader

from web3-onboard.

charlie-kim commented on June 22, 2024

Thanks @Wozacosta for your input. I should try when the PR is merged.

from web3-onboard.

CORS issue with Ledger about web3-onboard HOT 6 OPEN

Comments (6)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent