search

MetaMask / detect-provider

A tiny utility for detecting the MetaMask Ethereum Provider, or any Provider compliant with EIP-1193.
ISC License
241 stars 60 forks source link

Allow working with strict CSPs #31

Open danfinlay opened 3 years ago

danfinlay commented 3 years ago

TIL: Our current mobile script injection technique violates some CSPs!

I just got off a call with a team that currently can't use MetaMask because their page's CSP refuses to interact with an inline script.

It would help them if we also allowed connecting via a non-injected provider. Maybe we should set up detect-provider to bring its own inpage-provider, so it allows side-stepping this issue.

I'm reaching out to them to see what CSP this might be, I think a safely strict testing csp might be script-src: 'none'.

mrnerdhair commented 2 years ago

Same issue here. The issue is that Firefox has decided that page CSPs should apply to code injected by extensions. This means that MM's injected provider stub won't work unless your CSP's script-src includes unsafe-inline, which is (as the name implies) unsafe. The MessagePort to talk to the extension is still available, of course, so the fix is to instantiate an inpage provider if one can't be detected.

On desktop the "built-in" provider will always be injected before user code is run, but that's not true on mobile. It's (probably) not possible to detect whether the page is still waiting for a provider to be injected (i.e. on mobile) or whether the injection of a provider has been blocked by CSP, so it wouldn't be a good experience to wait until the current timeout-based logic fails before setting up an inpage provider for the latter option. https://github.com/shapeshift/web/pull/443 isn't exactly prod-ready, but it does demonstrate a compromise solution using a proxy with a resettable target to return an instantiated provider immediately but swap it out with the injected provider when it arrives. IDK if that's the way to go here but it's at least an option.

If y'all would take a PR for this, we can probably get some attention on it; it's certainly possible to fix at some other layer but this seems like the right place.

0xean commented 2 years ago

Shapeshift is adding a bounty to try and move this issue along. We will pay this bounty out to any bounty hunter who successfully is able to raise a PR that: 1) is accepted by the MetaMask team 2)resolves the issue of working with strict CSPs

0xean commented 2 years ago

https://gitcoin.co/issue/metamask/detect-provider/31/100028664

mrnerdhair commented 2 years ago

:arrow_up: We've done some research here and are happy to help out any potential bounty hunters (who could, of course, be MetaMask team members themselves!) however we can; drop us a line and we can help get you spun up.

Pandapip1 commented 2 years ago

Can Repro: image

Pandapip1 commented 2 years ago

I've submitted a PR at https://github.com/MetaMask/metamask-extension/pull/14233. It got locked by mistake though.

gitcoinbot commented 2 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

Work has been started.

These users each claimed they can complete the work by 264 years, 4 months from now. Please review their action plans below:

1) pandapip1 has started work.

I'll look into this. I think it might be possible to modify the CSP header to include a nonce. 2) recep9227 has started work.

Daha tam ne yapmam gerektiğini çözemedim gitti 3) koksymaglo has started work.

This is a very good project to meet up 4) emoo16 has started work.

Jdbdbdbdbd dbksdbbdnxbdbxhdndbxbxbcbc 5) jetsadakon44 has started work.

Welcome to Gboard clipboard, any text you copy will be saved here. 6) mitumaru has started work.

Carbon bamboo repeat rich vivid spend trend grocery donkey usual evidence salad 7) lehuuhieu7777 has started work.

Kiếm tiền thưởng của tôi phải như thế nào 8) montana02 has started work.

I understand that this bounty is contest and I have agreed to keep the funder informed of my progress 9) memo83mk has started work.

Nice i want any coin of the world thanks 10) adler60 has started work.

I will check the CSP and do my best to restore it. 11) amaris101 has started work.

5AE401DC00000000000000000000000000000000000000000000000000000000625F4866000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000AC000000000000000000000000000000000000000000000000000000000000158000000000000000000000000000000000000000000000000000000000000015C000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000000000000000000000000000001640000000000000000000000000000000000000000000000000000000000000168000000000000000000000000000000000000000000000000000000000000016C000000000000000000000000000000000000000000000000000000000000017000000000000000000000000000000000000000000000000000000000000001740000000000000000000000000000000000000000000000000000000000000178000000000000000000000000000000000000000000000000000000000000017C000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000001840000000000000000000000000000000000000000000000000000000000000188000000000000000000000000000000000000000000000000000000000000018C000000000000000000000000000000000000000000000000000000000000019000000000000000000000000000000000000000000000000000000000000001940000000000000000000000000000000000000000000000000000000000000198000000000000000000000000000000000000000000000000000000000000019C00000000000000000000000000000000000000000000000000000000000001A000000000000000000000000000000000000000000000000000000000000001A400000000000000000000000000000000000000000000000000000000000001A800000000000000000000000000000000000000000000000000000000000001AC00000000000000000000000000000000000000000000000000000000000001B000000000000000000000000000000000000000000000000000000000000001B400000000000000000000000000000000000000000000000000000000000001B800000000000000000000000000000000000000000000000000000000000001BC00000000000000000000000000000000000000000000000000000000000001C000000000000000000000000000000000000000000000000000000000000001C400000000000000000000000000000000000000000000000000000000000001C800000000000000000000000000000000000000000000000000000000000001CC00000000000000000000000000000000000000000000000000000000000001D000000000000000000000000000000000000000000000000000000000000001D400000000000000000000000000000000000000000000000000000000000001D800000000000000000000000000000000000000000000000000000000000001DC00000000000000000000000000000000000000000000000000000000000001E000000000000000000000000000000000000000000000000000000000000001E400000000000000000000000000000000000000000000000000000000000001E800000000000000000000000000000000000000000000000000000000000001EC00000000000000000000000000000000000000000000000000000000000001F000000000000000000000000000000000000000000000000000000000000001F400000000000000000000000000000000000000000000000000000000000001F800000000000000000000000000000000000000000000000000000000000001FC000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000002040000000000000000000000000000000000000000000000000000000000000208000000000000000000000000000000000000000000000000000000000000020C000000000000000000000000000000000000000000000000000000000000021000000000000000000000000000000000000000000000000000000000000002140000000000000000000000000000000000000000000000000000000000000218000000000000000000000000000000000000000000000000000000000000021C000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000002240000000000000000000000000000000000000000000000000000000000000228000000000000000000000000000000000000000000000000000000000000022C000000000000000000000000000000000000000000000000000000000000023000000000000000000000000000000000000000000000000000000000000002340000000000000000000000000000000000000000000000000000000000000238000000000000000000000000000000000000000000000000000000000000023C000000000000000000000000000000000000000000000000000000000000024000000000000000000000000000000000000000000000000000000000000002440000000000000000000000000000000000000000000000000000000000000248000000000000000000000000000000000000000000000000000000000000024C000000000000000000000000000000000000000000000000000000000000025000000000000000000000000000000000000000000000000000000000000002540000000000000000000000000000000000000000000000000000000000000258000000000000000000000000000000000000000000000000000000000000025C000000000000000000000000000000000000000000000000000000000000026000000000000000000000000000000000000000000000000000000000000002640000000000000000000000000000000000000000000000000000000000000268000000000000000000000000000000000000000000000000000000000000026C000000000000000000000000000000000000000000000000000000000000027000000000000000000000000000000000000000000000000000000000000002740000000000000000000000000000000000000000000000000000000000000278000000000000000000000000000000000000000000000000000000000000027C000000000000000000000000000000000000000000000000000000000000028000000000000000000000000000000000000000000000000000000000000002840000000000000000000000000000000000000000000000000000000000000288000000000000000000000000000000000000000000000000000000000000028C000000000000000000000000000000000000000000000000000000000000029000000000000000000000000000000000000000000000000000000000000002940000000000000000000000000000000000000000000000000000000000000298000000000000000000000000000000000000000000000000000000000000029C00000000000000000000000000000000000000000000000000000000000002A000000000000000000000000000000000000000000000000000000000000002A400000000000000000000000000000000000000000000000000000000000002A800000000000000000000000000000000000000000000000000000000000002AC00000000000000000000000000000000000000000000000000000000000002B000000000000000000000000000000000000000000000000000000000000002B400000000000000000000000000000000000000000000000000000000000002B800000000000000000000000000000000000000000000000000000000000002BC00000000000000000000000000000000000000000000000000000000000002C000000000000000000000000000000000000000000000000000000000000002C400000000000000000000000000000000000000000000000000000000000002C800000000000000000000000000000000000000000000000000000000000002CC00000000000000000000000000000000000000000000000000000000000002D000000000000000000000000000000000000000000000000000000000000002D400000000000000000000000000000000000000000000000000000000000002D800000000000000000000000000000000000000000000000000000000000002DC00000000000000000000000000000000000000000000000000000000000002E000000000000000000000000000000000000000000000000000000000000002E400000000000000000000000000000000000000000000000000000000000002E800000000000000000000000000000000000000000000000000000000000002EC00000000000000000000000000000000000000000000000000000000000002F000000000000000000000000000000000000000000000000000000000000002F400000000000000000000000000000000000000000000000000000000000002F800000000000000000000000000000000000000000000000000000000000002FC000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000003040000000000000000000000000000000000000000000000000000000000000308000000000000000000000000000000000000000000000000000000000000030C000000000000000000000000000000000000000000000000000000000000031000000000000000000000000000000000000000000000000000000000000003140000000000000000000000000000000000000000000000000000000000000318000000000000000000000000000000000000000000000000000000000000031C000000000000000000000000000000000000000000000000000000000000032000000000000000000000000000000000000000000000000000000000000003240000000000000000000000000000000000000000000000000000000000000328000000000000000000000000000000000000000000000000000000000000032C000000000000000000000000000000000000000000000000000000000000033000000000000000000000000000000000000000000000000000000000000003340000000000000000000000000000000000000000000000000000000000000338000000000000000000000000000000000000000000000000000000000000033C000000000000000000000000000000000000000000000000000000000000034000000000000000000000000000000000000000000000000000000000000003440000000000000000000000000000000000000000000000000000000000000348000000000000000000000000000000000000000000000000000000000000034C000000000000000000000000000000000000000000000000000000000000035000000000000000000000000000000000000000000000000000000000000003540000000000000000000000000000000000000000000000000000000000000358000000000000000000000000000000000000000000000000000000000000035C000000000000000000000000000000000000000000000000000000000000036000000000000000000000000000000000000000000000000000000000000003640000000000000000000000000000000000000000000000000000000000000368000000000000000000000000000000000000000000000000000000000000036C000000000000000000000000000000000000000000000000000000000000037000000000000000000000000000000000000000000000000000000000000003740000000000000000000000000000000000000000000000000000000000000378000000000000000000000000000000000000000000000000000000000000037C000000000000000000000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000003840000000000000000000000000000000000000000000000000000000000000388000000000000000000000000000000000000000000000000000000000000038C000000000000000000000000000000000000000000000000000000000000039000000000000000000000000000000000000000000000000000000000000003940000000000000000000000000000000000000000000000000000000000000398000000000000000000000000000000000000000000000000000000000000039C00000000000000000000000000000000000000000000000000000000000003A000000000000000000000000000000000000000000000000000000000000003A400000000000000000000000000000000000000000000000000000000000003A800000000000000000000000000000000000000000000000000000000000003AC00000000000000000000000000000000000000000000000000000000000003B000000000000000000000000000000000000000000000000000000000000003B400000000000000000000000000000000000000000000000000000000000003B800000000000000000000000000000000000000000000000000000000000003BC00000000000000000000000000000000000000000000000000000000000003C000000000000000000000000000000000000000000000000000000000000003C400000000000000000000000000000000000000000000000000000000000003C800000000000000000000000000000000000000000000000000000000000003CC00000000000000000000000000000000000000000000000000000000000003D000000000000000000000000000000000000000000000000000000000000003D400000000000000000000000000000000000000000000000000000000000003D800000000000000000000000000000000000000000000000000000000000003DC00000000000000000000000000000000000000000000000000000000000003E000000000000000000000000000000000000000000000000000000000000003E400000000000000000000000000000000000000000000000000000000000003E800000000000000000000000000000000000000000000000000000000000003EC00000000000000000000000000000000000000000000000000000000000003F000000000000000000000000000000000000000000000000000000000000003F400000000000000000000000000000000000000000000000000000000000003F800000000000000000000000000000000000000000000000000000000000003FC0000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000040400000000000000000000000000000000000000000000000000000000000000020000000000000000000000000694F7B02B8B40D5AA9BFCB98F6BB9E63477C913400000000000000000000000000000000000000000000000000000000000000200000000000000000000000000695F20706887A6823111C6EB659F67303593355000000000000000000000000000000000000000000000000000000000000002000000000000000000000000012C7824845440DA1B0EBFCB33E15CCDB07BCEA63000000000000000000000000000000000000000000000000000000000000002000000000000000000000000020B4B5C1A60AC46E844CB7422EDA45517325E4990000000000000000000000000000000000000000000000000000000000000020000000000000000000000000141D48801ABC47213D7F714B77618E698ADCBE440000000000000000000000000000000000000000000000000000000000000020000000000000000000000000DFF92A1D3C7832CBCC762EE5F326679DD801648E00000000000000000000000000000000000000000000000000000000000000200000000000000000000000005653BBB15DD5075EF9F0DF9860CB54ABFAC486420000000000000000000000000000000000000000000000000000000000000020000000000000000000000000C04A71F2A0953A4A65CD2613D24A364714F3B59C0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000839C8B27C0C01E9F1C17F4B90934ECA8E0CC6740000000000000000000000000000000000000000000000000000000000000002000000000000000000000000099FD1378CA799ED6772FE7BCDC9B30B38951896200000000000000000000000000000000000000000000000000000000000000200000000000000000000000003F47A66ADA01491C3D364599E5BCBF80A1A6709200000000000000000000000000000000000000000000000000000000000000200000000000000000000000009B814233894CD227F561B78CC65891AA55C62AD20000000000000000000000000000000000000000000000000000000000000020000000000000000000000000765AD3FF78415831D9C69DEE1CD5D56D09736ADC00000000000000000000000000000000000000000000000000000000000000200000000000000000000000007FBAF24BE5FB8EAEFA5ADD9AF3F7052D3FF52E4000000000000000000000000000000000000000000000000000000000000000200000000000000000000000009469C98BE5AFD94CD601E094BC401DDD37F480A30000000000000000000000000000000000000000000000000000000000000020000000000000000000000000355D9AE5E1280DAE29442F250DA325A0F7D5545E0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000B32B4350C25141E779D392C1DBE857B62B60B4C90000000000000000000000000000000000000000000000000000000000000020000000000000000000000000F23A873B5BC29D9269AD4A50F093477F4599C00700000000000000000000000000000000000000000000000000000000000000200000000000000000000000006910940164948FDAFB087BFDFE75C0CEBDCF503E0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000842A93C4733A1601885FE2B581470A4286C58B400000000000000000000000000000000000000000000000000000000000000020000000000000000000000000A94181F3FBC5DC4C74F550B568318227D8A454A0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000052A9768FA97864184F5AFE1AD3D72C4E4E7DC126000000000000000000000000000000000000000000000000000000000000002000000000000000000000000095D6D4CC1703BB1A487C941B0F009FEC4521B22E00000000000000000000000000000000000000000000000000000000000000200000000000000000000000006EEBDA76E452F2F95867D56B70F1224148BF6BFC0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000F9E782702E97793BE1119E99120F266B5D47BCF60000000000000000000000000000000000000000000000000000000000000020000000000000000000000000563415679588E508C0C8F0A729C9BF898406E9B50000000000000000000000000000000000000000000000000000000000000020000000000000000000000000564B31FE75510A1ADB311AECE4FAA63346ED142C0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000CD531AE9EFCCE479654C4926DEC5F6209531CA7B0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000FFA914C83D851B9FE372E4BA6A6E131373AA16AB000000000000000000000000000000000000000000000000000000000000002000000000000000000000000025EDB46CBB7744DE5507EBE50B5086D236B630730000000000000000000000000000000000000000000000000000000000000020000000000000000000000000580150CE0052C40B09D20FFF61E5A71BA4CFBF4F0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000E3654C84730C073BAA8CEA97569A7E30E6F3D8D70000000000000000000000000000000000000000000000000000000000000020000000000000000000000000E622D4742505298E1DC592D4585F6730D379F48200000000000000000000000000000000000000000000000000000000000000200000000000000000000000002079C29BE9C8095042EDB95F293B5B510203D6CE000000000000000000000000000000000000000000000000000000000000002000000000000000000000000098041AB523024DACAEFA3BB70DD982DBAC68E8550000000000000000000000000000000000000000000000000000000000000020000000000000000000000000B6CAD910EB912EF13A030B682BF77AA8F781DA60000000000000000000000000000000000000000000000000000000000000002000000000000000000000000063AEA877B5D5FA234A1532F1B26A4F6D9051866E000000000000000000000000000000000000000000000000000000000000002000000000000000000000000040D775827365AE4D54CBC08A1A1C4F586B2C1D0A00000000000000000000000000000000000000000000000000000000000000200000000000000000000000004F6FFF5CD87EAF8CF09467366FE783E7ECB1317B0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000995A09ED0B24EE13FBFCFBE60CAD2FB6281B479F000000000000000000000000000000000000000000000000000000000000002000000000000000000000000033AAAA216AA492808D5CE5A4C69134CA71F3AE3F0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000DD152203CBAB78E2479FCE5820F6A0DA2966735A00000000000000000000000000000000000000000000000000000000000000200000000000000000000000005BE8F739C8EA94D99B44AB0B1421889C8B99B2E10000000000000000000000000000000000000000000000000000000000000020000000000000000000000000370CECA4FC1287ED99924BBA76259F6C771A602200000000000000000000000000000000000000000000000000000000000000200000000000000000000000009499054D02A725316D61FA896C29D58550EE4A5B000000000000000000000000000000000000000000000000000000000000002000000000000000000000000093E45360F7E5B0B85D8E65DAE9FA1A6F2AF5681900000000000000000000000000000000000000000000000000000000000000200000000000000000000000005074E50174858884143B3DC75BC7217FBF5DD5CC0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000DF8DD5E0B4168F20A3488AD088DDB198FE602CB3000000000000000000000000000000000000000000000000000000000000002000000000000000000000000024BA1542F8A0A20E8251D096213384CFB0EE3DBC000000000000000000000000000000000000000000000000000000000000002000000000000000000000000012F37431468EB75C2A825E2CF8FDE773AD94C8EA0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000403466A60252E6339572757645426C62894B8BB6000000000000000000000000000000000000000000000000000000000000002000000000000000000000000090C685C31953C2B2675F723E7FA74EFC83FA8FCA0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000F140DDEBB4CABA6838C63617105DC2DD2964A3FD00000000000000000000000000000000000000000000000000000000000000200000000000000000000000004E96B1D50F77C99F0E1DF50D75AEEC6EDB12425000000000000000000000000000000000000000000000000000000000000000200000000000000000000000008DBB75C576B71B43EEA54398F8606AEC530181DC00000000000000000000000000000000000000000000000000000000000000200000000000000000000000007DBDEC4EDBEB5FA3C9F79A87AF427B970A88D90D0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000BDC21FAE769D7F5469993D8E83B465495D88CFC0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000032CC2EC897F21A77A704E9A7313AF6A640C47BB50000000000000000000000000000000000000000000000000000000000000020000000000000000000000000AA364C1A348F9517009207A1601E0A73C1CD530B00000000000000000000000000000000000000000000000000000000000000200000000000000000000000003AD6A7608056AA931721CB6268854EA5E319683E0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000357C9E10E2CBE30C7DB33AEEB499DC02E6DC6D590000000000000000000000000000000000000000000000000000000000000020000000000000000000000000FE5573C66273313034F7FF6050C54B540255371600000000000000000000000000000000000000000000000000000000000000200000000000000000000000006B92686C40747C85809A6772D0EDA8E22A77C60C0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000239EEC9EC218F71CEF5CC14D88B142ED4FF4411000000000000000000000000000000000000000000000000000000000000000200000000000000000000000007F08D733A2C4E65E88975AEF8F80FA694EF339C1000000000000000000000000000000000000000000000000000000000000002000000000000000000000000037FACC790B36DC08446381C4873962F2BC94A5D20000000000000000000000000000000000000000000000000000000000000020000000000000000000000000C13CED137E90BC695CB77288962280516A2F9B8B00000000000000000000000000000000000000000000000000000000000000200000000000000000000000003A8315E25378CE9FC0D3279B26EC0576DE52C0FF0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000268D3A8C4701000546DD0BF959BF6C8956CC3E5E000000000000000000000000000000000000000000000000000000000000002000000000000000000000000085F6A9FE887ED0419E0B7B9B4213DD35495F94A400000000000000000000000000000000000000000000000000000000000000200000000000000000000000009ED6C4AC6CDD4D579AA0F39E69AF838D0B057D560000000000000000000000000000000000000000000000000000000000000020000000000000000000000000E0A712CF781A75BE8296EDD14D8A265244D246C60000000000000000000000000000000000000000000000000000000000000020000000000000000000000000B87F5110F19A42058908343EE10E5337A2B1118700000000000000000000000000000000000000000000000000000000000000200000000000000000000000004828869C68CE66F13B96AD24F4422F5537CCA8A1000000000000000000000000000000000000000000000000000000000000002000000000000000000000000011B50686D3983C14C0D0972A5E46E38E0D9B2E1400000000000000000000000000000000000000000000000000000000000000200000000000000000000000007B2E61235D90678803DE1C911BDD51C7BD0AF06B0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000C3F988844BBACE6EED31541DF89FAA93E4AB2C400000000000000000000000000000000000000000000000000000000000000020000000000000000000000000D2628FB21499C690F5015AF5DF410A6FC72DF72F0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000FD192166D291281D7576BAC91B32615774B205DC0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000906F31EB6331B6D069CAC3A7158FFED09BC93D3800000000000000000000000000000000000000000000000000000000000000200000000000000000000000006E6A5ADE90E60AE883F0B35FB2E8D8F66E5D7A070000000000000000000000000000000000000000000000000000000000000020000000000000000000000000F7AAB787787631D5D180B54B83747E6654E8F6B6000000000000000000000000000000000000000000000000000000000000002000000000000000000000000090EC199C9333BA04FAFA6D907D9F9DE2FD574B260000000000000000000000000000000000000000000000000000000000000020000000000000000000000000272E6F394C4F83D56923646873BAE4A41B703CD900000000000000000000000000000000000000000000000000000000000000200000000000000000000000002BE2273452CE4C80C0F9E9180D3F0D6EEDFA79230000000000000000000000000000000000000000000000000000000000000020000000000000000000000000B460336E8850BA79C56CFA6E47DE2FCD3D2D3D6300000000000000000000000000000000000000000000000000000000000000200000000000000000000000003B27E9C6FB87BF783E4FF0707C8D74DADFA19C5B0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000F5830FF9B625B60131D82530C51C9E294A9F74780000000000000000000000000000000000000000000000000000000000000020000000000000000000000000FC48426DA0338735945BADEF273736CCFF53A3580000000000000000000000000000000000000000000000000000000000000020000000000000000000000000080EA8D13AFD027C544C5FAFA260D8EEA60FFFE70000000000000000000000000000000000000000000000000000000000000020000000000000000000000000BAD1990C2967231BC9A4FA9562EA68E65DD2B25D0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000EBC18D25D8122DA21F73A6BCB78971671F21F6FF0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000C229D7D3DD662A1B107E29AA84BB0C8FF609CF3A00000000000000000000000000000000000000000000000000000000000000200000000000000000000000002EFDA14A0BDF5629AC06BB1FD70AA09A7D382A3E000000000000000000000000000000000000000000000000000000000000002000000000000000000000000018333A87FB0E60A01864A3F9668124FA793951E70000000000000000000000000000000000000000000000000000000000000020000000000000000000000000A75EDE99F376DD47F3993BC77037F61B5737C6EA0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000B27979B64541D414EE84C2E644EE0B399D9904D80000000000000000000000000000000000000000000000000000000000000020000000000000000000000000B507FBBAA0DA1A39F22B986C2D4CB3B8084E8B940000000000000000000000000000000000000000000000000000000000000020000000000000000000000000EFACB3FB194D5E80E569B3AC50669CF22E48F63B0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000356F029FB2F673CA083EA223D5835F4AC00539DD000000000000000000000000000000000000000000000000000000000000002000000000000000000000000091BCBBEB500E49BE5F13857362E0B1911E93A9B20000000000000000000000000000000000000000000000000000000000000020000000000000000000000000B1F3C577B81BED198C144B05B63AE185B313254F00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000FFAD609D35C4BEF104EE245A9C4C891D463AA2A00000000000000000000000000000000000000000000000000000000000000200000000000000000000000002564A597E6E51C668E26D97510D1867901E94471000000000000000000000000000000000000000000000000000000000000002000000000000000000000000049C3DA263BB10120DF7435CF69456DE86EDB4A6500000000000000000000000000000000000000000000000000000000000000200000000000000000000000004EC6B6F9BCDDA4432CC134779B62BF8770D925B200000000000000000000000000000000000000000000000000000000000000200000000000000000000000006A8AC02FAB86AA8FD2D8F8ADDC37CA3350D5BD6F000000000000000000000000000000000000000000000000000000000000002000000000000000000000000006AC16FF8CAA7C7A4D66F506A4C74D4DA9E8569E0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000FD346666549F8030EB121CB482434A7AB85B577F0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000011B0A055E02425461A1AE95B30F483C4FF05BE700000000000000000000000000000000000000000000000000000000000000200000000000000000000000009B1ACD4336EBF7656F49224D14A892566FD48E6800000000000000000000000000000000000000000000000000000000000000200000000000000000000000009C5083DD4838E120DBEAC44C052179692AA5DAC50000000000000000000000000000000000000000000000000000000000000020000000000000000000000000DC5B961A5AB04AC38321C89100584FB96572193100000000000000000000000000000000000000000000000000000000000000200000000000000000000000001CFD3CBFB5C530205D69291A4F8E6019BBE754B60000000000000000000000000000000000000000000000000000000000000020000000000000000000000000548EFCE69BB82A16F3911A86A65384327C99C3AB0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000D26C9529AACFBAC9E49EEB4F1C719C4621745BC8000000000000000000000000000000000000000000000000000000000000002000000000000000000000000001C9E12C365DD28BD169EFEA6E5B7939A687C85600000000000000000000000000000000000000000000000000000000000000200000000000000000000000008A97A1C3D09D9965F1A0AAD6754D6DEEC10EC0080000000000000000000000000000000000000000000000000000000000000020000000000000000000000000ED6B3DC95E6E41156CDE61A206668935D7E958A400000000000000000000000000000000000000000000000000000000000000200000000000000000000000007D51997B2853B7C097A0071C086DF4A946096331000000000000000000000000000000000000000000000000000000000000002000000000000000000000000026D7B4FE67F4601643304B5023B3CAF3A72E8504000000000000000000000000000000000000000000000000000000000000002000000000000000000000000040C839B831C90173DC7FBCE49A25274A4688DDD90000000000000000000000000000000000000000000000000000000000000020000000000000000000000000C18BAB9F644187505F391E394768949793E9894F00000000000000000000000000000000000000000000000000000000000000200000000000000000000000009C43DD3F55A016B1D678F7C6405302E44671D0B90000000000000000000000000000000000000000000000000000000000000020000000000000000000000000B0BAA65689611C9D04BB5ED2732D8B997058336000000000000000000000000000000000000000000000000000000000000000200000000000000000000000007D0383D358C8751596DC2BB030ADDB1751B70DA000000000000000000000000000000000000000000000000000000000000000200000000000000000000000003869DBAE46454EFB20E20C136E751A272922530D0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000E5B8FF1CA1C3EF2AC704783D6473EE5A9BE7E02D0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000775490B4C406658C425F9A1CA76199463DCE948300000000000000000000000000000000000000000000000000000000000000200000000000000000000000004191131CD452E9729546B79F9F4E00C12E1D1C220000000000000000000000000000000000000000000000000000000000000020000000000000000000000000DE1C59BC25D806AD9DDCBE246C4B5E55056457180000000000000000000000000000000000000000000000000000000000000020000000000000000000000000FB594517B65A2712E8775884DC15A3AEBC43094A0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000DEAD0D7C6ABE46B133CCE19AA1FFD282F301AC070000000000000000000000000000000000000000000000000000000000000020000000000000000000000000944FDEA9D4956CE673C7545862CEFCCAD6EE1B0400000000000000000000000000000000000000000000000000000000000000200000000000000000000000009AFDA3ADFC3588B4404F79792A97F2116957300C000000000000000000000000000000000000000000000000000000000000002000000000000000000000000011360F0C5552443B33720A44408ABA01A809905E00000000000000000000000000000000000000000000000000000000000000200000000000000000000000004EF9F74DB039959FFA54D28EDD7096FCA8760A8E000000000000000000000000000000000000000000000000000000000000002000000000000000000000000087D3EE8CC75C3916E3B6F56E307AADCD3AFEFF68000000000000000000000000000000000000000000000000000000000000002000000000000000000000000026ED4F387A7059A883701EA161B1C581B006A77A00000000000000000000000000000000000000000000000000000000000000200000000000000000000000006627C849FFED9B78B192602085987384D686FB130000000000000000000000000000000000000000000000000000000000000020000000000000000000000000E1D29D0A39962A9A8D2A297EBE82E166F8B8EC180000000000000000000000000000000000000000000000000000000000000020000000000000000000000000E22619F6D538DE6E0B6C1845174D45E90CBD3576000000000000000000000000000000000000000000000000000000000000002000000000000000000000000047F87B17367C502C9F3D59159C4621B34B8CFD3E0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000E82EAE06EBE399EC24C447185A3E163E31BEFE99000000000000000000000000000000000000000000000000000000000000002000000000000000000000000052A42429BDAAD4396F128CB92167E64A96BE8A6100000000000000000000000000000000000000000000000000000000000000200000000000000000000000003C8CBD613857965267BCD4BDEC7B794DD53969A0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000063495284B373224C88DB0354F043F7F3584B9DC60000000000000000000000000000000000000000000000000000000000000020000000000000000000000000A9E8BD5F14C553EF8D8215EAD82997560162132D00000000000000000000000000000000000000000000000000000000000000200000000000000000000000005AF278B1C423A320425CD46F3F6E9C08C814BF860000000000000000000000000000000000000000000000000000000000000020000000000000000000000000EB63EE9C8BE4C1D14C6D352FAD5CA8F933BE7AF80000000000000000000000000000000000000000000000000000000000000020000000000000000000000000ECA588E75C8EB0D2322F52C2C90BD525C5A5D93D0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000EF0CFA1DF7ACC83AF898E701839CA7EB72896EB10000000000000000000000000000000000000000000000000000000000000020000000000000000000000000A425F914E2CDC749D686E627325E7B6CD43EFF6D000000000000000000000000000000000000000000000000000000000000002000000000000000000000000091364516D3CAD16E1666261DBDBB39C881DBE9EE000000000000000000000000000000000000000000000000000000000000002000000000000000000000000038A4D889A1979133FBC1D58F970F0953E3715C26000000000000000000000000000000000000000000000000000000000000002000000000000000000000000026F2755277456917544ED13592A807F3560750060000000000000000000000000000000000000000000000000000000000000020000000000000000000000000CE90A7949BB78892F159F428D0DC23A8E3584D750000000000000000000000000000000000000000000000000000000000000020000000000000000000000000442DCCEE68425828C106A3662014B4F131E3BD9B00000000000000000000000000000000000000000000000000000000000000200000000000000000000000002E3BF43C2937925BD3E9F61B0362276255FE30960000000000000000000000000000000000000000000000000000000000000020000000000000000000000000D23C85224940FB5B5148BA212277C8516F31947E000000000000000000000000000000000000000000000000000000000000002000000000000000000000000032573F29F8F407F5C291E0D2CF9B08116A8053C90000000000000000000000000000000000000000000000000000000000000020000000000000000000000000484F2BFE6EA59D667FD5CB29ED259329180D05070000000000000000000000000000000000000000000000000000000000000020000000000000000000000000FDF9A868134EC587EEEE6BE4C4A3F564DAFBF90B0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000763D5D93F27615AAC852B70549F5877B9219386400000000000000000000000000000000000000000000000000000000000000200000000000000000000000007BEF8662356116CB436429F47E53322B711F4E4200000000000000000000000000000000000000000000000000000000000000200000000000000000000000000938C0A225F59F9AE4F2DB1D7BE7AAEE75DB66540000000000000000000000000000000000000000000000000000000000000020000000000000000000000000D2AF803AD747EA12ACF5AE468056703AE48785B50000000000000000000000000000000000000000000000000000000000000020000000000000000000000000792110D7BAB2273B0C084D4E5A6FDDB9F8CD667300000000000000000000000000000000000000000000000000000000000000200000000000000000000000001DE0C9B91CDD14F3C17518A027877BAFF2003E2B00000000000000000000000000000000000000000000000000000000000000200000000000000000000000007C3D434D79DDDAC3174CE0819F55ED82E02761470000000000000000000000000000000000000000000000000000000000000020000000000000000000000000D75233704795206DE38CC58B77A1F660B5C608960000000000000000000000000000000000000000000000000000000000000020000000000000000000000000571531258FDC9AF3920A1F9067499605890812B9 12) thao7 has started work.

Tôi thấy kế hoạch này rất là hay ok cảm ơn anh em anh em mệt rồi tất cả nghĩ ngơi 13) zorkil3 has started work.

Lutfen ödülümü alabilirmiyim yada nasil alacgim 14) drswim94 has started work.

Anything possible that will have me grow my money and support my family 15) sudarno08 has started work.

0x4651483cf317E06ED7A44d5CE3Dc0A04Af1c2Ef4 16) przemek1553662771 has started work.

0x4651483cf317E06ED7A44d5CE3Dc0A04Af1c2Ef4 17) lenanazarevich has started work.

Впервые пробую свои силы здесь. Не судите строго. Всем успехов

Learn more on the Gitcoin Issue Details page.

gitcoinbot commented 2 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

Work for 2000.0 FOX (304.8 USD @ $0.15/FOX) has been submitted by:

  1. @recep9227
  2. @koksymaglo
  3. @pandapip1
  4. @lehuuhieu7777
  5. @mitumaru
  6. @thao7
  7. @sudarno08
  8. @przemek1553662771
  9. @dat999999

@0xean please take a look at the submitted work:

MBMaria commented 2 years ago

Is this still an open bounty?

Pandapip1 commented 2 years ago

I believe so.

mrnerdhair commented 2 years ago

Everyone / @MBMaria / @0xean :

Having seen no useful progress on this issue so far -- and in face of internal reprioritizations -- we're withdrawing this bounty. :(

MBMaria commented 2 years ago

Thanks for the update @mrnerdhair . will make the necessary changes. Hope all goes well for your dads surgery, and hope to still see you around the DAO! Best of luck.

xgambitox commented 2 years ago

We also at yearn.finance have this issue while connecting a wallet using Metamask mobile since we disallow inline scripts on CSP for security reasons. Other protocols that harden their web app security will also have this issue.

An alternative could be bundling the script and serve it in a domain that apps can whitelist in the script-src, and also using SRI to validate its integrity.

naugtur commented 1 year ago

Hi everyone. I think I have a solution for this. Gotta work on it a bit more with the mobile team. Keep an eye out for updates.

@mrnerdhair @xgambitox @MBMaria

renzor-fist commented 9 months ago

We have a strict CSP (sets nonces on script tags) that breaks Metamask in Firefox but doesn't break in Chrome. Has anyone noticed this?

xgambitox commented 9 months ago

We have a strict CSP (sets nonces on script tags) that breaks Metamask in Firefox but doesn't break in Chrome. Has anyone noticed this?

Firefox is more strict in their policies, it blocks inline scripts injected by add-ons, which is not the case in Chrome with extensions. Issue around it seems to still be opened here https://github.com/MetaMask/metamask-extension/issues/3133

I ended up implementing a workaround by adding the needed code directly into the repo, you can check it out here if it helps, but most likely needs to be updated as the repo is no longer maintained https://github.com/yearn/yearn-finance-v3/pull/739

renzor-fist commented 9 months ago

Thanks for the advice @xgambitox . I'm trying to trace back your code to the metamask implementation. Do you know where you pulled the code in src/core/frameworks/metamask/index.ts from?

xgambitox commented 9 months ago

Thanks for the advice @xgambitox . I'm trying to trace back your code to the metamask implementation. Do you know where you pulled the code in src/core/frameworks/metamask/index.ts from?

Its an adaptation of what the metamask extension itself executes when it injects its code. Have a look at https://github.com/MetaMask/metamask-extension/blob/030d8cb62d90f9dbdf2f82ef17d72f15fbdd986a/app/scripts/inpage.js#L54