chore: hardcode secure site SDK URL to preview deployment

[tomiir]

Description

Hardcodes the secure site SDK URL to the preview deployment at https://9aaf2d1a.secure-appkit-sdk.pages.dev.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
appkit-demo	Ready	Preview, Comment	Jun 10, 2026 4:40pm
appkit-gallery	Ready	Preview, Comment	Jun 10, 2026 4:40pm
appkit-headless-sample-app	Ready	Preview, Comment	Jun 10, 2026 4:40pm
appkit-laboratory	Ready	Preview, Comment	Jun 10, 2026 4:40pm

9 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
appkit-basic-example	Ignored		Jun 10, 2026 4:40pm
appkit-basic-sign-client-example	Ignored		Jun 10, 2026 4:40pm
appkit-basic-up-example	Ignored		Jun 10, 2026 4:40pm
appkit-ethers5-bera	Ignored		Jun 10, 2026 4:40pm
appkit-nansen-demo	Ignored		Jun 10, 2026 4:40pm
appkit-wagmi-cdn-example	Ignored		Jun 10, 2026 4:40pm
ethereum-provider-wagmi-example	Ignored		Jun 10, 2026 4:40pm
next-wagmi-solana-bitcoin-example	Ignored		Jun 10, 2026 4:40pm
vue-wagmi-example	Ignored		Jun 10, 2026 4:40pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: d72847e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

Visual Regression Test Results ✅ Passed

⚠️ 15 visual change(s) detected

Chromatic Build: https://www.chromatic.com/build?appId=6493191bf4b10fed8ca7353f&number=933
Storybook Preview: https://6493191bf4b10fed8ca7353f-pudifmqtck.chromatic.com/

👉 Please review the visual changes in Chromatic and accept or reject them.

[Copilot]

Pull request overview

This PR aims to point the embedded “secure site SDK” iframe to a specific preview deployment (https://9aaf2d1a.secure-appkit-sdk.pages.dev) and updates the Laboratory app’s CSP so that the iframe is permitted to load.

Changes:

• Hardcodes SECURE_SITE_SDK to the preview deployment URL in the wallet package.
• Updates Laboratory CSP frame-src to allow the preview deployment origin.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
packages/wallet/src/W3mFrameConstants.ts	Replaces env-var-driven Secure Site SDK URL selection with a hardcoded preview URL.
apps/laboratory/middleware.ts	Adds the preview deployment origin to the CSP frame-src allowlist so the iframe is not blocked.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

	Warnings
⚠️	Secure site URL has been changed
⚠️	🌐 Non-company domain introduced (host: 9aaf2d1a.secure-appkit-sdk.pages.dev) in apps/laboratory/middleware.ts (line 39): https://9aaf2d1a.secure-appkit-sdk.pages.dev
⚠️	🌐 Non-company domain introduced (host: 9aaf2d1a.secure-appkit-sdk.pages.dev) in packages/wallet/src/W3mFrameConstants.ts (line 3): https://9aaf2d1a.secure-appkit-sdk.pages.dev/sdk

Generated by 🚫 dangerJS against d72847e

[github-actions]

📦 Bundle Size Check

✅ All bundles are within size limits

📊 View detailed bundle sizes

> @reown/appkit-monorepo@1.7.1 size /home/runner/work/appkit/appkit

> size-limit

@reown/appkit - Main Entry
Size limit:   80 kB
Size:         75.85 kB with all dependencies, minified and gzipped
Loading time: 1.5 s    on slow 3G
Running time: 668 ms   on Snapdragon 410
Total time:   2.2 s
@reown/appkit/react
Size limit:   236 kB
Size:         235.09 kB with all dependencies, minified and gzipped
Loading time: 4.6 s     on slow 3G
Running time: 669 ms    on Snapdragon 410
Total time:   5.3 s
@reown/appkit/vue
Size limit:   80 kB
Size:         75.85 kB with all dependencies, minified and gzipped
Loading time: 1.5 s    on slow 3G
Running time: 458 ms   on Snapdragon 410
Total time:   2 s
@reown/appkit-scaffold-ui
Size limit:   220 kB
Size:         214.38 kB with all dependencies, minified and gzipped
Loading time: 4.2 s     on slow 3G
Running time: 587 ms    on Snapdragon 410
Total time:   4.8 s
@reown/appkit-ui
Size limit:   500 kB
Size:         13.16 kB with all dependencies, minified and gzipped
Loading time: 258 ms   on slow 3G
Running time: 70 ms    on Snapdragon 410
Total time:   328 ms

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	78.56%	39934 / 50828
🔵	Statements	78.56%	39934 / 50828
🔵	Functions	76.17%	4264 / 5598
🔵	Branches	86.67%	9742 / 11240

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
packages/wallet/src/W3mFrameConstants.ts	100%	0%	100%	100%

Generated in workflow #17145 for commit d72847e by the Vitest Coverage Report Action