Client-side blockchain transaction on Firefox: all requests to geth node fail until security exception is added self-signed certificate on eth node URL

OutlierVentures / BuyCoPoc

BuyCo.io Proof of Concept on an Ethereum blockchain

Apache License 2.0

0 stars 1 forks source link

Client-side blockchain transaction on Firefox: all requests to geth node fail until security exception is added self-signed certificate on eth node URL #82

Closed AronVanAmmers closed 8 years ago

AronVanAmmers commented 8 years ago

When backing a proposal I get this:

There was an error processing your request.
Invalid JSON RPC response:

To be further analysed (with clean situation).

AronVanAmmers commented 8 years ago

Reproduced with a clean account (while making an offer).

2016-03-04 14_53_47-buyco proof of concept

AronVanAmmers commented 8 years ago

Analyzed the code up to the call to SolidityFunction.prototype.sendTransaction. The payload variable is set identically in FF and Chrome (where it does work correctly).

SolidityFunction.prototype.sendTransaction = function () {
    var args = Array.prototype.slice.call(arguments).filter(function (a) {return a !== undefined; });
    var callback = this.extractCallback(args);
    var payload = this.toPayload(args);

    if (!callback) {
        return web3.eth.sendTransaction(payload);
    }

    web3.eth.sendTransaction(payload, callback);
};

TODO: check the actual JSON response for the tx TODO: test whether ethereumjs-accounts works in FF at all, using the simple example

AronVanAmmers commented 8 years ago

A bit deeper in the belly of hookedWeb3provider: the error occurs on a call to eth_getTransactionCount.

2016-03-04 15_22_34-firebug - buyco proof of concept

AronVanAmmers commented 8 years ago

The request.responseText is simply empty. If I execute a request with the same payload in Postman, it does give the correct result.

E.g.:

{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0x234e2195fdfd03fef7926815bd8802d4476d45fa","pending"],"id":1457103674937}

Gives:

{
  "id": 1457103674937,
  "jsonrpc": "2.0",
  "result": "0x7"
}

AronVanAmmers commented 8 years ago

Cause: the self-signed certificate selfsigned.blockstars.io was trusted by exception for https://selfsigned.blockstars.io:4124 (the local dev URL for the app). However it was not trusted by Firefox for https://selfsigned.blockstars.io:4125 (the HTTPS wrapper for the JSON RPC endpoint of the geth node).

In retrospect this was visible in the NET panel. All requests to the eth node were blocked. This didn't occur to me because the rest of the app works fine. But all data shown arrived through the backend API, the connection to the web3 node had never worked.

2016-03-04 16_13_40-network - buyco proof of concept

Workaround: open https://selfsigned.blockstars.io:4125/ once in a Firefox tab and add an exclusion.

Long-term solution: use a real certificate for local development. E.g. create one for something like local.dev.blockstars.io or local.dev.buyco.blockstars.io through letsencrypt, and include this instead of the self-signed certificate.