Document allowedOrigins caveat for endowment:rpc (MetaMask#1042)

kongali1720 · Dec 6, 2023 · 95e4221 · 95e4221
1 parent 690b2d7
commit 95e4221
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/snaps/reference/permissions.md b/snaps/reference/permissions.md
@@ -138,6 +138,29 @@ Specify this permission in the manifest file as follows:
 }
 ```
 
+Alternatively, you can specify the caveat `allowedOrigins` to restrict requests to specific domains or Snap IDs. 
+Calls from any other origins will be rejected. 
+
+Specify this caveat in the manifest file as follows: 
+
+```json
+{
+  "initialPermissions": {
+    "endowment:rpc": { 
+      "allowedOrigins": [
+        "metamask.io", 
+        "consensys.io",
+        "npm:@metamask/example-snap"
+      ] 
+    }
+  }
+}
+```
+
+:::note
+If you specify `allowedOrigins`, you should not specify `dapps` or `snaps`. 
+:::
+
 ### endowment:transaction-insight
 
 To provide transaction insights, a Snap must request the `endowment:transaction-insight` permission.