Configure a custom subdomain

Complete configuration for the Portal Web SDK by enabling it to run on a subdomain of your application.


Last updated 1 year ago


To support Safari and other browsers that restrict third-party cookies, you will need to configure a subdomain of your application to point to Portal's web backend.

Setup Instructions

Adding a record at your DNS provider enables Portal to run on a subdomain of your application.

  1. Create a CNAME record to web.portalhq.io in your DNS provider:

    1. Set the DNS Record Type to CNAME

    2. Set the Name or Host field to portal (or any value you'd like to use for the subdomain). This will create a subdomain like portal.yourdomain.com.

    3. Set the Data or Content field to web.portalhq.io

  2. Reach out to Portal to let us know the value of the subdomain you've configured.

  3. Portal will update the backend configuration to support that subdomain and issue a TLS certificate.

Your subdomain must be a child of the application that the Portal Web SDK will be running on.

We recommend using portal. as the name of the subdomain on your application. So if your application is at yourdomain.com, we recommend configuring portal.yourdomain.com. If your application is at app.yourdomain.com, then we recommend configuring portal.app.yourdomain.com.
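A pre-flight check for the record described in the steps above, run before telling Portal which subdomain you configured. This is an added example, not Portal's own code; the function names are hypothetical, it assumes Node.js, and it treats any descendant of the application host as a valid "child".

```javascript
const PORTAL_CNAME_TARGET = 'web.portalhq.io'; // CNAME target from the setup steps

// Lower-case and strip the trailing root dot so names compare reliably.
function normalizeHost(host) {
  return host.trim().toLowerCase().replace(/\.$/, '');
}

// True only if `subdomain` sits below `appHost` on a label boundary, so
// "portalyourdomain.com" or "portal.yourdomain.com.example.net" do not pass.
// Assumption: any descendant counts as a "child", not only a direct one.
function isChildOf(subdomain, appHost) {
  const sub = normalizeHost(subdomain);
  const app = normalizeHost(appHost);
  return sub.length > app.length + 1 && sub.endsWith('.' + app);
}

// Judge the CNAME records returned for the subdomain.
function evaluateCname(records) {
  const targets = records.map(normalizeHost);
  if (targets.length === 0) {
    return { ok: false, reason: 'no CNAME record found' };
  }
  if (!targets.includes(PORTAL_CNAME_TARGET)) {
    return { ok: false, reason: 'CNAME points to ' + targets.join(', ') };
  }
  return { ok: true, reason: 'CNAME points to ' + PORTAL_CNAME_TARGET };
}

// Full check: naming rule first, then a live DNS lookup (Node.js only).
async function checkPortalSubdomain(subdomain, appHost) {
  if (!isChildOf(subdomain, appHost)) {
    return { ok: false, reason: subdomain + ' is not a child of ' + appHost };
  }
  try {
    const { resolveCname } = await import('node:dns/promises');
    return evaluateCname(await resolveCname(normalizeHost(subdomain)));
  } catch (err) {
    return { ok: false, reason: 'DNS lookup failed: ' + (err.code || err.message) };
  }
}
```

Call `checkPortalSubdomain('portal.yourdomain.com', 'yourdomain.com')` with your own hostnames; a result with `ok: false` names the step that still needs fixing.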

Why do I need a custom domain?

Before configuring a custom subdomain, the Portal Web SDK depends on third-party cookies to authenticate with the Portal backend.

While this is a valid use case of third-party cookies, many browsers are working to restrict usage of third-party cookies for privacy purposes, as they're often abused by tracking services.

Safari currently blocks third-party cookies by default and Chrome is working to deprecate them in 2024.

Unfortunately, browsers have not yet agreed upon the best way to handle legitimate use cases. While emerging web standards like CHIPS will help to support valid third-party cookie use cases in the near future, the standard is not yet supported by all browsers.

Currently, the best way to support this is to convert the third-party Portal cookies to first-party cookies on your domain.

However, by configuring the Web SDK to run on a subdomain of your main application you provide additional isolation of Portal resources from your main application.

Security in Depth

Using a separate subdomain for the Portal Web SDK ensures separation of resources from your main application.

Cookies

The Web SDK leverages cookies to store the ClientSessionToken which is used to authenticate a user to the Portal backend.

Cookies are configured with the security flags HttpOnly and Secure, so they are inaccessible to JavaScript and are only transmitted over secure connections (TLS).

Cookies are assigned to the subdomain, which means they are sent only on requests to Portal's backend and are not included on requests to your application.

LocalStorage

The Web SDK leverages LocalStorage to store the user's signing share which is used during MPC operations to sign messages and transactions.

Values stored in LocalStorage are scoped to the subdomain, which means they cannot be accessed by the DOM of your application. This is a helpful level of isolation that protects the MPC share from any XSS bugs or malicious JavaScript on your web application.
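The scoping rules from the Cookies and LocalStorage paragraphs above, worked through in code. This is an added example, not Portal's code: the Set-Cookie headers are constructed samples with a placeholder cookie name and value, the function names are hypothetical, and the matching logic follows RFC 6265 domain matching and the browser same-origin rule.

```javascript
// Constructed samples: a cookie scoped to the subdomain, and a wider one
// scoped to the parent domain for contrast.
const SUBDOMAIN_COOKIE = 'session=PLACEHOLDER; Path=/; HttpOnly; Secure';
const PARENT_WIDE_COOKIE = 'session=PLACEHOLDER; Domain=yourdomain.com; Secure';

// Parse the attributes that decide where a cookie goes and who can read it.
function parseSetCookie(header, responseHost) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = {
    name: pair.split('=')[0],
    httpOnly: false,                    // true: hidden from document.cookie
    secure: false,                      // true: sent over HTTPS only
    domain: responseHost.toLowerCase(), // default: the responding host only
    hostOnly: true,
  };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=');
    const k = key.trim().toLowerCase();
    if (k === 'httponly') cookie.httpOnly = true;
    else if (k === 'secure') cookie.secure = true;
    else if (k === 'domain' && value) {
      cookie.domain = value.trim().toLowerCase().replace(/^\./, '');
      cookie.hostOnly = false;          // Domain= also covers subdomains
    }
  }
  return cookie;
}

// Would a browser attach this cookie to a request for `url`?
function wouldSend(cookie, url) {
  const { protocol, hostname } = new URL(url);
  if (cookie.secure && protocol !== 'https:') return false;
  if (cookie.hostOnly) return hostname === cookie.domain;
  return hostname === cookie.domain || hostname.endsWith('.' + cookie.domain);
}

// LocalStorage is keyed by origin (scheme + host + port): a page can read
// another page's storage only when this returns true.
function sharesLocalStorage(pageUrl, otherUrl) {
  return new URL(pageUrl).origin === new URL(otherUrl).origin;
}

// Collect the reasons a cookie is less isolated than the page describes.
function auditCookie(cookie) {
  const findings = [];
  if (!cookie.httpOnly) findings.push('readable by JavaScript (no HttpOnly)');
  if (!cookie.secure) findings.push('sent over plain HTTP (no Secure)');
  if (!cookie.hostOnly) findings.push('shared with ' + cookie.domain + ' and its subdomains');
  return findings;
}
```

With the subdomain-scoped sample, `wouldSend` is true only for `https://portal.yourdomain.com/...`, while the parent-wide sample is also attached to requests for `https://yourdomain.com/` and is flagged by `auditCookie`.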

Example CNAME configuration.
Domain separation before implementing custom domains.
Portal Web SDK resources are isolated to the custom subdomain.