Open stephancill opened 2 months ago
Hi @stephancill. Thank you for highlighting this. We currently don't inject our provider into iframes because of known vulnerabilities with this approach that wallets have experienced in the past. But we are reevaluating and discussing to see if there is a better approach given your valid use case.
I have a few recommendations of a better way to approach this:
`window` directly. Rather your Frame would return a prepared transaction at an endpoint, and Farcaster or Blinks would forward this transaction to the wallet. You would want to maintain this for compatibility; otherwise the frames would work with Frames.fun, but not Farcaster, and vice versa.
We're working on frames.fun, which adds Farcaster frames to X using iframes - for some reason `window.ethereum` is not available in the added iframes we add to the page whereas MetaMask is. Do you have any ideas around why this could be the case?
Maybe the content script load isn't triggered multiple times due to some deduplication by tab?
Happy to provide more details/repro if nothing comes to mind