You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* Docs: Add CSP QR-code troubleshooting
Add a new troubleshooting 'Cause C' that explains how a strict Content Security Policy can prevent the MetaMask QR code from rendering (the fox SVG is embedded as a data: URI and materialized via a fetch-style call). The entry documents the console error, outlines the required CSP directives (allow data: in connect-src/img-src, include mm-sdk relay and analytics origins, and style-src 'unsafe-inline'), provides a minimal meta-tag example, and links to the connect-monorepo CSP reference.
* Apply suggestion from @alexandratran
* Update EVM docs for connectAndSign/connectWith API
Document breaking API changes: connectAndSign and connectWith now return objects ({ accounts, chainId, signature }) and ({ accounts, chainId, result }) respectively. Updated examples across quickstart, guides, and reference to destructure these fields and log accounts/chainId alongside results, and added breaking-change notes. Also adjusted the EVM client status type name to ConnectEvmStatus in the reference and clarified CSP troubleshooting guidance for the QR-code fox SVG (img-src data: and older-version fallbacks).
* Clarify connectAndSign/connectWith return docs
Update wording in EVM guides and reference to clarify that connectAndSign and connectWith now return objects and callers should read `.signature` and `.result` from the returned object (rather than implying destructuring). Minor punctuation/phrasing tweaks in migrate-from-sdk guide and methods reference for clearer guidance.
* Update linea bridge link
---------
Co-authored-by: Alexandra Carrillo <12214231+alexandratran@users.noreply.github.com>
**Cause C:** A strict Content Security Policy (CSP) is blocking the QR code from rendering.
177
-
The QR code embeds the MetaMask fox SVG as a `data:` URI, which `@metamask/multichain-ui`
178
-
materializes via a `fetch`-style call.
179
-
A CSP without `data:` in `connect-src` (or `img-src`) blocks this and the QR code fails to appear.
180
-
A symptom in the browser console looks like:
177
+
The QR code embeds the MetaMask fox SVG as a `data:` URI.
181
178
182
-
`Refused to connect to 'data:image/svg+xml;base64,...' because it violates the following Content Security Policy directive: "connect-src 'self' https: wss:".`
183
-
184
-
**Fix:** Allow the `data:` scheme and the MetaMask relay and analytics origins in your CSP.
179
+
**Fix:** Allow the `data:` scheme in `img-src` and the MetaMask relay and analytics origins in
-`data:` in `connect-src` and `img-src` - Required for the fox SVG embedded in the QR code.
193
+
-`img-src 'self' data:` - Required for the fox SVG embedded in the QR code.
198
194
-`wss://mm-sdk-relay.api.cx.metamask.io` - The relay used for remote (no-extension and mobile)
199
195
connections.
200
196
-`https://mm-sdk-analytics.api.cx.metamask.io` - The default analytics endpoint emitted during the
201
197
connection lifecycle.
202
198
-`style-src 'unsafe-inline'` - `@metamask/multichain-ui` injects component styles at runtime
203
199
inside Shadow DOM (Stencil).
204
200
201
+
:::note Older versions
202
+
In earlier package versions, the QR-code modal materialized the fox icon via an `XMLHttpRequest` on
203
+
a `blob:` / `data:` URI, requiring `blob:` (and in some setups `data:`) in `connect-src`.
204
+
Upgrade to `@metamask/connect-evm` 1.0.0, `@metamask/connect-solana` 1.0.0, or
205
+
`@metamask/connect-multichain` 0.12.1 or later to remove this requirement — the fox SVG is now
206
+
embedded directly as a `data:` URI without an extra request.
207
+
A symptom on older versions looked like:
208
+
209
+
`Refused to connect to 'data:image/svg+xml;base64,...' because it violates the following Content Security Policy directive: "connect-src 'self' https: wss:".`
210
+
211
+
If you cannot upgrade, add `data: blob:` to `connect-src` as a fallback.
212
+
:::
213
+
205
214
For the full reference, see
206
215
[Content Security Policy](https://github.com/MetaMask/connect-monorepo#content-security-policy) in `metamask/connect-monorepo`.
0 commit comments