Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support dapp origin identifier in methodImplementation context #580

Closed
tmpfs opened this issue Jun 22, 2022 · 1 comment
Closed

Support dapp origin identifier in methodImplementation context #580

tmpfs opened this issue Jun 22, 2022 · 1 comment

Comments

@tmpfs
Copy link

tmpfs commented Jun 22, 2022

Following on from the conversation in #548.

If we take the snap_manangeAccounts feature that I am implementing for the threshold signatures snap as an example, I think it would be correct if the accounts it manages were not available to other dapps. Right now, this isn't possible as isolation is achieved using the snapId exposed via context.origin.

This permission is sensitive (like getBIP44Entropy_*) in that it allows access to private key information so in this instance it should be isolated to the owner dapp.

Would it be possible to expose the dapp origin on the context object so we could achieve this? As origin already is the snapId possibly we call it originString like the argument in the snap RPC handler for the moment? Although to prevent confusion, I think it would be good in the long run to rename context.origin to context.snapId and point context.origin to the dapp origin if possible.

/cc @rekmarks
@gantunesr
Copy link
Member

This is no longer relevant since we do a verification using the allowedOrigins in the endowments

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tmpfs @gantunesr