v1.0 stable · Open-source core
Security
Nonce, domain, signature, session, cookie, and production deployment guidance.
Overview
Security-critical flows bind nonces to domains and reject weak production session secrets.
Self-hosted and hosted modes share the same verification principles even when operational controls differ.
Requirements
- Bind nonce records to domain, address, chain type, and purpose before signing.
- Consume nonces exactly once and reject expired or mismatched records.
- Use HTTPS origins and secure HttpOnly cookies in production.
- Add explicit risk acceptance for any production HTTP or weak-secret override.