search

airgap-it / beacon-sdk

The beacon sdk allows developers of dApps and wallets on Tezos to implement the wallet interaction standard tzip-10.
https://walletbeacon.io
MIT License
102 stars 64 forks source link

Requirement company firewall: Fixed Beacon-Node URL #785

Open jdsika opened 1 month ago

jdsika commented 1 month ago

Hi Team,

I am having the following issue when trying to use beacon (indepentend from applications): The node url changes periodically and I have to apply for a firewall exception each time at BMW.

The same way as the magic link for tzBTC was changed to a single url I would need it here: Current: https://beacon-node-1.beacon-server-1.papers.tech/_synapse/client/beacon/info example: https://beacon-node.papers.tech/_synapse/client/beacon/info

My error:

Quellübergreifende (Cross-Origin) Anfrage blockiert: Die Gleiche-Quelle-Regel verbietet das Lesen der externen Ressource auf https://beacon-node-1.beacon-server-1.papers.tech/_synapse/client/beacon/info. (Grund: CORS-Anfrage schlug fehl). Statuscode: (null).

jdsika commented 2 weeks ago

This is high priority for me. Can you please have a look at it?

AndreasGassmann commented 1 week ago

Hi @jdsika, sorry for the late reply.

I understand the error you have regarding the changing URL and having to allowlist them all. But I don't understand where you get the CORS error. CORS errors can often "mistakenly" appear if a server cannot be reached, which seems to be the case in those networks you are talking about.

Sadly, I don't know how we can solve this "allowlist" problem, other than adding all the URLs to the allowlist.

The reason why there is sometimes a new node/URL selected is because the beacon-sdk automatically runs a test on pageload about which server (or servers in a region) responds fastest. And that node will be selected automatically.

Another problem is that we cannot add a load balancer for those servers, even if we wanted to. When registering or logging in to the beacon-network, the actual server-name is part of the username. So if you select eg. beacon-node-1.hope.papers.tech as your server, it will log you in as <key>.beacon-node-1.hope.papers.tech. This suffix needs to match the name of the server, otherwise the login will fail. If we added a load-balancer, then the name of the load-balancer-URL would be used as a server-name, and it would not work. The reason why this is is because beacon is built on top of the matrix protocol, and matrix requires users to be registered on one "homeserver", and accounts can not be transferred from one to another homeserver.

To summarise, I currently cannot think of a solution that we can implement on the sdk-level. One of the main features of beacon is that the network is decentralised, so it is possible and necessary for many different servers to exist. We're open for any ideas that you have, but currently the only thing I see would be to add all the servers from https://beacon-node-1.beacon-server-1.papers.tech/_synapse/client/beacon/info to the allowlist (this should work for now because they don't change frequently).

jdsika commented 3 days ago

ok, would it be possible to configure a fixed "homeserver" in the application and maybe one backup in order to tell users "if you have issues please allow those two https connections"?