Metamask says site is not secure

Any ideas why this is happening? Everything was fine a week ago. Users aren’t trusting my site now.

The website where this is hosted is with ssl certificate. Also - it’s made on unity webgl

1 Like

metamask introduced this check recently where it checks the domain from the message that has to be signed, you should use the same domain in that message as the domain used in the browser
you can user ngrok as a proxy if you want to use a public url

Yeah, but the moralis server and the site are both hosted on the same vps.

it matters the domain that you set for Auth API, that message that will be required to be signed by metamask

I’m sorry man, but I’m still not sure what to do. which IP addresses have to match and where are they set? Thanks, sorry to be bothering you

what do you have as domain/url in your browser when metamask opens to sing a message and what domain you have in the message (the domain is at the beginning of the message)?

In domain I have my normal domain, but in sign message it shows localhost:1337

You explicitly set that localhost in the message as a domain?

There are about 5 threads on this issue. I have tested the ThirdWeb auth demo and it works without this issue in MetaMask so it isn’t an issue with MetaMask. Can you (or someone else) answer this?

If NEXTAUTH_URL=http://localhost:3000
What should APP_DOMAIN be?

Hey @mrepad, did you try localhost:3000 for the APP_DOMAIN?

the domain/subdomain from the website that you access has to match the domains/subdomain from the message to sign, if they don’t match then you will see that warning, if you use localhost with a port then you can use ngrok proxy to get a domain that doesn’t have a port number

you need to provide the domain used in the browser and the domain used in the message to sign to be able to help

@YosephKS YosephKS localhost:3000 gives this error

Unhandled Runtime Error

AxiosError: [C0006] Request failed, Bad Request(400): domain must be a valid domain name

@cryptokid Here’s a silly question. How do you put the domain in the message? In the tutorial there isn’t a message. I had to add statement: ‘Please confirm to authenticate yourself.’, to signin.jsx

What is the tutorial that you follow? When you request the message for authentication api you can specify the domain.

in authService.ts I set the proper domain, not localhost.

And when you access the website what domain is in the browser url that is accessed?

signin.jsx doesn’t have a statement to sign

I’ll take a look today to see what happens

the url in the browser is the normal domain I set for the website. Everything is fine, it is ssl secured. But metamask says signing from localhost:1337

Do you use discord? Can you send me a screenshot on discord?