- A protocol (`https`) is required.
- Paths (`/path`) are not supported.
- Wildcards (`*`) are only supported as a subdomain (`*.domain.com`), but not as a domain alone (`*.com`).
- Patterns such as `*-sometext.domain.com` are not supported.
- Localhost (`http://localhost:port`) is supported, but you must specify the port number. Though supported, we do not recommend listing `localhost` as an allowed domain for production apps. If you need to temporarily list `localhost` as an allowed domain for your production app ID, please take care to remove it when not developing.
- `https://www.example.com` and `https://example.com` interchangeably. If these URLs are equivalent for your app setup, we recommend adding both domains (with and without the `www` subdomain) as allowed origins to the dashboard.

`https://*.netlify.app` / `https://*.vercel.app`

`https://*-projectname.netlify.app` / `https://*-projectname.vercel.app`

`https://*.netlify.app`, `https://*.vercel.app`, or similar. If you were to whitelist this domain for your production App ID, any actor could set up an arbitrary deployment with your hosting provider and use your production App ID within their site.

If you’d like to secure your Privy App ID on preview deployment URLs, please check if your hosting provider allows you to map preview deployments to a stable subdomain that only you control, like:

`https://*.yoursitename.netlify.app`

under allowed domains, which arbitrary actors cannot deploy to. See instructions to set this up with Vercel or Netlify.
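
The entry rules and the preview-wildcard risk described above can be checked before an entry goes into the dashboard. This is an added example, not Privy's code: `lintAllowedDomain`, `originMatches` and `SHARED_HOSTS` are hypothetical names, and the wildcard matching semantics are an assumption.

```javascript
// Added example, not Privy's code: lint allowed-domain entries against the rules above.
// SHARED_HOSTS, lintAllowedDomain and originMatches are hypothetical names.
const SHARED_HOSTS = ["netlify.app", "vercel.app"]; // providers named on this page

function lintAllowedDomain(entry) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/:?#]+)(?::(\d+))?(.*)$/i.exec(entry);
  if (!m) return { ok: false, note: "protocol is required" };
  const [, scheme, host, port, rest] = m;
  if (rest !== "") return { ok: false, note: "paths are not supported" };
  if (host === "localhost") {
    if (!port) return { ok: false, note: "localhost needs an explicit port" };
    return { ok: true, note: "remove localhost before shipping to production" };
  }
  if (scheme.toLowerCase() !== "https") return { ok: false, note: "https is required" };
  if (host.includes("*")) {
    // The wildcard must be one whole leading label: "*.domain.com", not "*-x.domain.com".
    if (!host.startsWith("*.") || host.indexOf("*", 1) !== -1)
      return { ok: false, note: "wildcard must be a whole leading subdomain label" };
    const base = host.slice(2);
    if (!base.includes(".")) return { ok: false, note: "wildcard on a domain alone is not supported" };
    if (SHARED_HOSTS.includes(base))
      return { ok: true, note: "shared hosting wildcard: any tenant can deploy under it" };
  }
  return { ok: true, note: "" };
}

// Assumption: "*." matches any subdomain of the base domain under the same scheme.
function originMatches(origin, entry) {
  const { protocol, host } = new URL(origin);
  const [scheme, pattern] = entry.split("://");
  if (protocol !== scheme + ":") return false;
  return pattern.startsWith("*.") ? host.endsWith(pattern.slice(1)) : host === pattern;
}

// Constructed sample entries, one per rule.
const samples = ["example.com", "https://example.com/path", "https://*.com",
  "https://*-sometext.domain.com", "http://localhost", "http://localhost:3000",
  "https://*.vercel.app", "https://*.yoursitename.netlify.app"];
for (const s of samples) console.log(s, JSON.stringify(lintAllowedDomain(s)));
```

An entry that passes with a non-empty `note` is accepted by the rules but still deserves review before it is used with a production App ID.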