Open rolznz opened 9 months ago
To reproduce:
In an incognito tab, connect via generic NWC URL that I get from nwc.getalby.com and then disconnect. I can still use window.webln to pay
I don't think so. why would that be a problem? this is also a side-effect of setting global variables.
I guess once disconnected the app just should need to call .enable() again. but disconnecting also makes only partly sense it's controlled by the app anyway.
@bumi it might be a problem if a website continues to pay after the user disconnects, I don't think there is any way we can manually update the webln object to disable it right now (unless we have a proxy around the webln object)
that's how websites work. you can not control what the website is doing or force them to do something. I think you are trying to do something that is just not possible. EVEN if you reset window.webln to null - the website still could just keep a webln object.
this is how client side JS apps work and why the client must be treated as evil. no code that you would write which is exectuted on the client would change this.
when I look at "disconnect" right now then you rather have the problem that the local storage is not cleared. what is disconnect actually doing?
when I look at "disconnect" right now then you rather have the problem that the local storage is not cleared. what is disconnect actually doing?
It does clear it, but window.webln won't be reset until you refresh the page. A website could listen to the bc:disconnected event and refresh the page then, I guess?
Update: just delete the webln object.
Should webln be deleted from the window? otherwise the web app can still actively use webln which the user probably doesn't want.
Note: if you connect with a WebLN extension then you will not be able to re-connect with the extension without refreshing the page (this is probably very unlikely anyway?)
@bumi do you have any thoughts here?