Skip to content
Permalink
Browse files

Create CSP.md

  • Loading branch information...
matiu committed Nov 29, 2018
1 parent cf56d28 commit ff367d24adfcf7f8c3aa99498dbb71197e66d2db
Showing with 9 additions and 0 deletions.
  1. +9 −0 CSP.md
9 CSP.md
@@ -0,0 +1,9 @@
To prevent unautorized network access, Copay and Bitpay Wallet v5.3.0 and above use the following Content Security Policy (CSP)

<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' https://bws.bitpay.com
https://bitpay.com https://auth.shapeshift.io https://shapeshift.io https://api.coinbase.com https://coinbase.com;
img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:">

This restrict network connections to the listed hosts only. As a consecuence, accessing self-hosted Bitcore Wallet Service
(BWS) hosts will not be allowed. If you are using a self-hosted BWS you need to build the app yourself from source
and modify that above line (at app-template/index-template.html) to match your host.

0 comments on commit ff367d2

Please sign in to comment.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.