Closed shinsuny closed 4 years ago
tynes
commented
5 years ago I am having a similar issue. It says in the docs, Once user grants permission for hosting page to communicate with API TrezorConnect will emits events about device state.
Looking for more information about letting the user grant permission
tynes
commented
5 years ago After looking at the source code, I've noticed that you should call
TrezorConnect.init();to add the event listener to the window. The problem comes here:
https://github.com/trezor/connect/blob/develop/src/js/index.js#L41
// ignore messages from domain other then iframe origin
I wanted to use this outside of the iframe because I just want to use the trezor device without the iframe at all. Its a bit confusing to know which library to use to achieve this
szymonlesisz
commented
5 years ago DEVICE_EVENT should be emitted only(!) after user grants permissions to this site inside TrezorConnect popup window. You don't want some random site to sniffing around your device without your knowledge, right?
@tynes, If you want to use Trezor without TrezorConnect iframe i'm afraid you will need to prepare some custom code for your own purposes. We do not support custom hosts for TrezorConnect. This iframe is designed that way for couple of reasons and security is one of them, to make sure that informations about your device are not stored anywhere and not being misused. For example: if you are using some custom build hosted on xyz.com you are risking that someone could easily store your passphrase entered inside popup input field and link it with your account/public key/addresses. This information could be used against you on some phishing sites since they already know that you have a Trezor with X btc on it, and you are using passphrase "abcd".
tynes
commented
5 years ago @szymonlesisz Thank you for the response! I'm working on an application that is built on top of the bcoin wallet. I'd like to:
1 - Import pubkeys from a trezor device to create watch only wallets 2 - Use bcoin to build transactions 3 - Sign the transactions using the trezor 4 - Submit the raw tx to bcoin
I started building with trezor.js but saw the deprecation warning. I also understand that TrezorConnect is trying to help with security by using the iframe, but it changes the UX of the application. Do you suggest building using TrezorConnect?
szymonlesisz
commented
5 years ago I don't se a reason why not to.
I'm aware that opening new tab could breaks your UX, but think about the users. They don't want to (or at least they shouldn't to) put their sensitive data (like passphrase) into some untrusted 3rd party applications, that is why we ask for it in isolated environment served from trezor.io domain
KevinBaiSg
commented
5 years ago Hi @tynes, have you solved this problem?
KevinBaiSg
commented
5 years ago Hi @szymonlesisz I want to use the "trezor-connect" in my project, but my project is electron application, it seems it is not compatible, as popup\iframe window flow does not succeed. Can I remove the "iframe"? Do you have another suggestion?
keraf
commented
4 years ago For future reference, trezor-connect can be used with NodeJS (and Electron) using the extended module. See @szymonlesisz response in #352
I've added node.js support to connect v8. Youcan try it out by installing trezor-connect with "extended" tag This package has a lot more dependencies than a regular one and until i rewrite this api to monorepo structure it will be maintained with "extended" tag in npm
Closing issue.
Have followed steps as described here (using ES6): https://github.com/trezor/connect/blob/develop/docs/events.md
DEVICE_EVENTnever got fired. Tried to plug and unplug the device multiple times.Using:
https://www.npmjs.com/package/trezor-connect : 6.0.2
do I need to initialize something?