feat: add 127.0.0.1 to DEFAULT_ALLOWED_ANCESTORS allowlist

[devin-ai-integration]

Add HTTPS localhost support to DEFAULT_ALLOWED_ANCESTORS

Summary

This PR adds https://localhost:* to the DEFAULT_ALLOWED_ANCESTORS list for consistency with the existing HTTP localhost and 127.0.0.1 patterns. The change addresses a GitHub comment requesting full consistency between localhost and 127.0.0.1 origin handling.

Key Changes:

• Added https://localhost:* pattern to DEFAULT_ALLOWED_ANCESTORS in ConstantsUtil.ts
• Added corresponding test cases to verify HTTPS localhost pattern matching
• Maintained existing patterns: http://localhost:*, http://127.0.0.1:*, https://127.0.0.1:*
• Created changeset for patch version across all packages

Review & Testing Checklist for Human

• Security Review: Verify that allowing https://localhost:* doesn't introduce security vulnerabilities in origin validation
• Functional Testing: Test locally that HTTPS localhost origins (e.g., https://localhost:3000) are properly allowed by the isOriginAllowed function
• Pattern Matching: Confirm the wildcard pattern matching works correctly for HTTPS localhost with various ports
• Changeset Validation: Review the changeset file format and ensure all required packages are included for the patch version
• Regression Testing: Run the full test suite to ensure no existing functionality is broken

Recommended Test Plan:

1. Set up a local HTTPS server on localhost (e.g., port 3000 or 8443)
2. Verify that origins like https://localhost:3000 are accepted by the origin validation logic
3. Test with different ports to ensure the wildcard pattern works correctly
4. Confirm existing HTTP localhost and 127.0.0.1 patterns still work

---

Diagram

%%{ init : { "theme" : "default" }}%%
graph TB
    subgraph Legend
        L1["Major Edit"]:::major-edit
        L2["Minor Edit"]:::minor-edit  
        L3["Context/No Edit"]:::context
    end
    
    ConstantsUtil["packages/appkit/src/utils/ConstantsUtil.ts<br/>DEFAULT_ALLOWED_ANCESTORS"]:::major-edit
    HelpersUtil["packages/appkit/src/utils/HelpersUtil.ts<br/>isOriginAllowed function"]:::context
    TestFile["packages/appkit/tests/utils/HelpersUtil.test.ts<br/>origin validation tests"]:::minor-edit
    Changeset[".changeset/add-localhost-ip-to-allowlist.md<br/>patch version changeset"]:::context
    
    ConstantsUtil --> HelpersUtil
    HelpersUtil --> TestFile
    ConstantsUtil --> Changeset
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#87CEEB  
    classDef context fill:#FFFFFF

Loading

Notes

• This change completes the consistency requested in the GitHub PR comment by @enesozturk
• The implementation follows the existing pattern used for HTTP localhost and 127.0.0.1 entries
• All tests pass locally including the new HTTPS localhost test cases
• The changeset follows the repository's standard format for patch releases

Session Details:

• Devin session: https://app.devin.ai/sessions/f9cb6ede1ee1444b9723b3438f2ea3a2
• Requested by: enes@reown.com
• Related to Linear ticket: APKT-3150

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[changeset-bot]

🦋 Changeset detected

Latest commit: 814953b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 23 packages

Name	Type
@reown/appkit-adapter-bitcoin	Patch
@reown/appkit-adapter-ethers	Patch
@reown/appkit-adapter-ethers5	Patch
@reown/appkit-adapter-solana	Patch
@reown/appkit-adapter-wagmi	Patch
@reown/appkit	Patch
@reown/appkit-utils	Patch
@reown/appkit-cdn	Patch
@reown/appkit-cli	Patch
@reown/appkit-codemod	Patch
@reown/appkit-common	Patch
@reown/appkit-controllers	Patch
@reown/appkit-core	Patch
@reown/appkit-experimental	Patch
@reown/appkit-pay	Patch
@reown/appkit-polyfills	Patch
@reown/appkit-scaffold-ui	Patch
@reown/appkit-siwe	Patch
@reown/appkit-siwx	Patch
@reown/appkit-testing	Patch
@reown/appkit-ui	Patch
@reown/appkit-wallet	Patch
@reown/appkit-wallet-button	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
appkit-basic-html	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 30, 2025 10:00am
appkit-demo	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 30, 2025 10:00am
appkit-laboratory	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 30, 2025 10:00am

10 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
appkit-basic-example	⬜️ Ignored (Inspect)			Jun 30, 2025 10:00am
appkit-basic-sign-client-example	⬜️ Ignored (Inspect)			Jun 30, 2025 10:00am
appkit-basic-up-example	⬜️ Ignored (Inspect)	Visit Preview		Jun 30, 2025 10:00am
appkit-ethers5-bera	⬜️ Ignored (Inspect)			Jun 30, 2025 10:00am
appkit-nansen-demo	⬜️ Ignored (Inspect)			Jun 30, 2025 10:00am
appkit-vue-solana	⬜️ Ignored (Inspect)			Jun 30, 2025 10:00am
appkit-wagmi-cdn-example	⬜️ Ignored (Inspect)			Jun 30, 2025 10:00am
ethereum-provider-wagmi-example	⬜️ Ignored (Inspect)			Jun 30, 2025 10:00am
next-wagmi-solana-bitcoin-example	⬜️ Ignored (Inspect)			Jun 30, 2025 10:00am
vue-wagmi-example	⬜️ Ignored (Inspect)			Jun 30, 2025 10:00am

[github-actions]

	Warnings
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 44): 5eykt4UsFv8P8NJdTREp...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 44): 5eykt4UsFv8P8NJdTREp...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 61): EtWTRABZaYq6iMfeYKou...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 61): EtWTRABZaYq6iMfeYKou...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 44): 5eykt4UsFv8P8NJdTREp...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 177): 4sGjMW1sUnHzSxGspuhp...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 61): EtWTRABZaYq6iMfeYKou...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 179): 8E9rvCKLFQia2Y35HXjj...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 44): 5eykt4UsFv8P8NJdTREp...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 61): EtWTRABZaYq6iMfeYKou...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 44): 5eykt4UsFv8P8NJdTREp...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 44): 5eykt4UsFv8P8NJdTREp...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 231): b2cb2748499532d9c307...
⚠️	🔑 Potential High‑entropy string detected in packages/appkit/tests/utils/HelpersUtil.test.ts (line 235): 0x53F31e8972Ebddac15...
⚠️	packages/appkit/src/utils/ConstantsUtil.ts uses localhost: which is likely a mistake
⚠️	packages/appkit/tests/utils/HelpersUtil.test.ts uses localhost: which is likely a mistake

Generated by 🚫 dangerJS against 814953b

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	77.7%	30717 / 39532
🔵	Statements	77.7%	30717 / 39532
🔵	Functions	68.59%	2531 / 3690
🔵	Branches	84.37%	6378 / 7559

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
packages/appkit/src/utils/ConstantsUtil.ts	100%	100%	100%	100%

Generated in workflow #13023 for commit 814953b by the Vitest Coverage Report Action