You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Placeholder recipients such as zero addresses and Solana system-program values
27
27
- Testnet or staging rails such as Base Sepolia and Solana devnet
28
28
- HTTPS resource URLs and stable resource metadata
29
-
- Browser CORS allowance for `X-PAYMENT`
29
+
- Browser CORS allowance for the requesting origin and `X-PAYMENT`
30
30
- Over-broad public method surfaces
31
31
- Auth, validation, and free/trial responses that appear before a payment challenge, without piling on missing-field findings when no challenge was actually returned
32
32
- Operational health/status endpoints, without treating expected free health checks as paid-route failures
@@ -44,6 +44,7 @@ Recent public no-payment checks have found and verified real launch fixes:
44
44
- anchor-x402: multi-rail x402 challenges verified, with browser preflight blockers isolated before merge. https://github.com/solana-foundation/pay-skills/pull/47#issuecomment-4455678163
45
45
- Agent Trust Bench: linked discovery URL and browser-compatibility notes verified clean for adversarial agent-payment resources. https://github.com/solana-foundation/pay-skills/pull/23#issuecomment-4455722170
46
46
- Solrouter: private LLM inference route verified with HTTPS resource-binding and price-alignment notes. https://github.com/solana-foundation/pay-skills/pull/39#issuecomment-4455800060
0 commit comments