At Brave, we’ve been thinking more about what’s necessary to secure wallets and limit attack vectors with wallets. Recently we’ve implemented our wallet to align with the secure contexts web API. We’d like to propose this being standardized as a common implementation point for wallets so that dApps can have a level of certainty about how they can use iframes and minimum requirements of HTTP(s) etc.
Where do other wallet providers fall on this? Implementation for this should be rather simple given that all major browsers have already implemented
window.isSecureContext so a check just needs to be added before injecting the provider object.