Closed XRP-DEV closed 2 years ago
Created a PR for this change
Thanks for this. However, we didn't add this feature for good reasons. We decided to not include this feature in the past and we still stand by the reasons for deciding this in the past. We have discussed this internally some time ago. We decided not to add the feature for users to add free text node addresses to Xumm.
This is where we prioritize end user protection above all. For bad actors, it's easy to spin up a custom network, trick users into adding their node URL (possibly hosted on a fancy, confusing domain name), making the end users believe they received something of value (e.g. XRP, but then fake XRP on the scam network).
Also, for security reasons, Xumm as an egress firewall: Xumm cannot connect to nodes not on an explicit whitelist, which is why we proxy non-standard node addresses through our platform. We must whitelist non standard node addresses there.
The way we currently deal with this is:
Even our own Hooks V2 testnet has to be added this way, for example (see the QR): https://xumm.notion.site/Hooks-V2-staging-net-info-XLS20-518fa261c5cd49d2bcb89a5b9e7bef05
Thanks for this. However, we didn't add this feature for good reasons. We decided to not include this feature in the past and we still stand by the reasons for deciding this in the past. We have discussed this internally some time ago. We decided not to add the feature for users to add free text node addresses to Xumm.
This is where we prioritize end user protection above all. For bad actors, it's easy to spin up a custom network, trick users into adding their node URL (possibly hosted on a fancy, confusing domain name), making the end users believe they received something of value (e.g. XRP, but then fake XRP on the scam network).
Also, for security reasons, Xumm as an egress firewall: Xumm cannot connect to nodes not on an explicit whitelist, which is why we proxy non-standard node addresses through our platform. We must whitelist non standard node addresses there.
The way we currently deal with this is:
- Decide if another network is safe enough to allow end users to interact
- Add it to our proxy whitelist, assigning an UUID
- Generate a QR for end users to add the custom node based on the UUID
Even our own Hooks V2 testnet has to be added this way, for example (see the QR): https://xumm.notion.site/Hooks-V2-staging-net-info-XLS20-518fa261c5cd49d2bcb89a5b9e7bef05
Thanks for the speedy reply and info.
Is your feature request related to a problem? Please describe. Not related
Describe the solution you'd like A new entry should be added to the note list for devnet (NFTs) and also it should be freetext, so a user can just enter any URL to use as Node.
Todo
Additional context