aeternity / aepp-sdk-js

JavaScript SDK for the æternity blockchain
http://docs.aeternity.com/aepp-sdk-js/
ISC License
120 stars 59 forks source link

Browser extension shouldn't open connections to pages that not using it #1417

Open davidyuk opened 2 years ago

davidyuk commented 2 years ago

https://github.com/aeternity/aepp-sdk-js/blob/9f2f22a97c84b00efda5f11373836eddfaa26f50/examples/browser/wallet-web-extension/src/content-script.js#L19

https://github.com/aeternity/aepp-sdk-js/blob/9f2f22a97c84b00efda5f11373836eddfaa26f50/examples/browser/wallet-web-extension/src/background.js#L67-L73

Together these parts make all opened pages be in sdk.rpcClients. Superhero wallet reloads connected pages in some cases and this makes it reload extra pages.

Try to make the fix not breaking aepp<->content-script connection.

subhod-i commented 2 years ago

@davidyuk I have given a lot of thought to this. Tried a few implementations too. as I observe, the wallet keeps on emitting shareWalletInfo. My first thought was the content-script bridge https://github.com/aeternity/aepp-sdk-js/blob/9f2f22a97c84b00efda5f11373836eddfaa26f50/examples/browser/wallet-web-extension/src/content-script.js#L38 will not run by default. Aepps would explicitly need to send a connectionRequest via postMessage. This would break the existing aepp<-> content-script connection.

Try to make the fix not breaking aepp<->content-script connection. I am not sure how to establish a connection without either one of the parties initiating the connection or both have to be in a loop.

davidyuk commented 2 years ago

As I know, the problem is that when the wallet connects to it's content script it considers to be connected to app even if aepp doesn't talk to content script. We need somehow to track the intermediate state when the wallet is connected to content script, but not to the aepp yet 🤔

davidyuk commented 2 years ago

Actually, it is not necessary to remove extra rpc clients, because it can be detected is aepp connected or not by _isRpcClientConnected (but need to make it public somehow).