Skip to content

Allowlist svaroglauncher.com#1830

Open
krutftw wants to merge 1 commit into
phantom:masterfrom
krutftw:allowlist-svaroglauncher-com
Open

Allowlist svaroglauncher.com#1830
krutftw wants to merge 1 commit into
phantom:masterfrom
krutftw:allowlist-svaroglauncher-com

Conversation

@krutftw

@krutftw krutftw commented Jul 2, 2026

Copy link
Copy Markdown

Adds svaroglauncher.com and *.svaroglauncher.com to the whitelist for false-positive review.

Context:

  • Phantom is showing the full-page malicious-site warning for svaroglauncher.com.
  • I could not find svaroglauncher.com or svarog in the current master checkout across blocklist.yaml, eth-blocklist.yaml, nft-blocklist.yaml, whitelist.yaml, or fuzzylist.yaml, so this appears to need allowlist review rather than removal of an exact blocklist entry.
  • The live site resolves to the production host, serves HTTPS, and returns 200 for the homepage, privacy policy, and terms pages.
  • The site is a Solana dApp/tool for token launching and wallet-signature login. It does not ask users for seed phrases.

Validation:

  • node ci.js
  • yarn run build

Summary by CodeRabbit

  • Chores
    • Expanded the allowed domain list to include nftplus.io, svaroglauncher.com, and all subdomains of svaroglauncher.com.
    • Updated the existing domain entry to cover the broader set of related sites.

Copilot AI review requested due to automatic review settings July 2, 2026 14:27
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1909ea49-3fdc-4731-bdad-56c16c533de5

📥 Commits

Reviewing files that changed from the base of the PR and between 5030186 and b0c54b0.

📒 Files selected for processing (1)
  • whitelist.yaml

📝 Walkthrough

Walkthrough

Updated whitelist.yaml to add nftplus.io, svaroglauncher.com, and *.svaroglauncher.com as allowlisted domains, replacing the previous single nftplus.io entry.

Changes

Whitelist Update

Layer / File(s) Summary
Add new domains to whitelist
whitelist.yaml
Adds nftplus.io, svaroglauncher.com, and its wildcard subdomain to the allowlist, replacing the prior nftplus.io entry.

Related Issues: None specified.

Related PRs: None specified.

Suggested Labels: whitelist, config

Suggested Reviewers: None specified.

🐰 A hop, a skip, a domain or two,
Nftplus stays, and Svarog joins the crew,
Wildcards sprinkled with a gentle paw,
The list grows greener, all within the law.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: adding svaroglauncher.com to the allowlist.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds svaroglauncher.com to the project’s whitelist.yaml so it can be treated as an allowlisted false-positive domain (including subdomains) by the blocklist/validation tooling.

Changes:

  • Add svaroglauncher.com to the whitelist.
  • Add *.svaroglauncher.com to the whitelist to cover subdomains.
  • Normalize the adjacent nftplus.io entry’s indentation so it remains a valid list item.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@krutftw

krutftw commented Jul 3, 2026

Copy link
Copy Markdown
Author

Fresh availability check for the reviewer:

As of 2026-07-03 18:30 UTC, https://svaroglauncher.com is online and returning 200 OK. I checked:

  • root domain: 200 OK
  • /privacy, /terms, /docs, /security, /support, /register, /login: 200 OK
  • TLS for svaroglauncher.com, www.svaroglauncher.com, and api.svaroglauncher.com: valid Let's Encrypt certs
  • DNS: svaroglauncher.com, www.svaroglauncher.com, and api.svaroglauncher.com resolve to 45.146.160.150
  • external HTTPS probes from US, GB, DE, IN, NG, BR, TR, RO, SG, and AU: 200 OK

The app is a non-custodial Solana dApp. Login/connect uses wallet signature auth and the site does not ask for seed phrases or private keys.

@krutftw

krutftw commented Jul 6, 2026

Copy link
Copy Markdown
Author

Fresh post-migration availability check for reviewer:

As of 2026-07-06 14:06 UTC, the production site has been moved and is reachable with valid HTTPS:

  • DNS: svaroglauncher.com resolves to 172.93.212.202
  • https://svaroglauncher.com/login: 200 OK
  • https://www.svaroglauncher.com/login: 200 OK
  • https://api.svaroglauncher.com/health: 200 OK
  • http://svaroglauncher.com/login: 301 redirect to HTTPS
  • TLS certificate: Let's Encrypt, CN svaroglauncher.com
  • SANs: svaroglauncher.com, www.svaroglauncher.com, api.svaroglauncher.com
  • Certificate validity: 2026-07-06 10:44:04 UTC to 2026-10-04 10:44:03 UTC

Users are still seeing Phantom's in-app block warning for svaroglauncher.com, so this allowlist PR is still needed. The dApp login signs a plain text wallet ownership message only and does not request seed phrases/private keys.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants