Closed SCBuergel closed 4 years ago
It is supposed to work if you use 127.0.0.1
or localhost
. Are you using some other domain to refer to your localhost?
I just opened the index.html
which is probably stupid and can't work due to permissions (?). The reason I was trying is that it's hard to host the web app by running a local web server on TailsOS. It's not only resilience and security by air-gapping but I want to do also do that because MyEtherWallet does not seem to load in the TOR browser.
I'll try that and see if there is a way to whitelist this way of running MEW.
On Mon, Apr 13, 2020, 20:02 Sebastian C. Bürgel notifications@github.com wrote:
I just opened the index.html which is probably stupid and can't work due to permissions (?). The reason I was trying is that it's hard to host the web app by running a local web server on TailsOS https://tor.stackexchange.com/questions/21097/how-to-run-a-local-webserver-on-tails. It's not only resilience and security by air-gapping but I want to do also do that because MyEtherWallet does not seem to load in the TOR browser https://github.com/MyEtherWallet/MyEtherWallet/issues/2242.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/digitalbitbox/bitbox-bridge/issues/7#issuecomment-613017235, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADYJUICYZHF2OCQJ7YYQKDRMNHTHANCNFSM4MG6A3OQ .
btw, if you have python you can run python3 -m http.server
in the directory of the index.html file and get a quick http server up and running. This might be a valid workaround until I get time to look at the real issue.
If possible, it would be very useful to interface a static, local and offline copy of MyEtherWallet to reduce attack vectors further.
127.0.0.1
or ::1
is local and can be as much offline as you want it to be. It's a loopback and requires no internet connection.
From https://github.com/MyEtherWallet/MyEtherWallet#developers, the last step:
- App should be running in https://localhost:8080
Alternatively, use a static file server like what @NickeZ suggested in https://github.com/digitalbitbox/bitbox-bridge/issues/7#issuecomment-617416601
You'll want to bind to loopback only though. I would recommend something like:
python3 -m http.server --bind 127.0.0.1
More static file servers: https://gist.github.com/willurd/5720255
To summarize: opening an HTML file like MEW's index.html directly with a browser is no more secure than 127.0.0.1
while offline.
Though, I made a feature request out of this. See details in https://github.com/digitalbitbox/bitbox-bridge/issues/9.
(I'm not sure if this is an issue for MyEtherWallet or this bridge)
When loading MyEtherWallet not via their website but instead from their static build locally (local HTML file) then I get the error
Trying to connect from a non-whitelilsted origin
. If possible, it would be very useful to interface a static, local and offline copy of MyEtherWallet to reduce attack vectors further.