Stop implementing RPC methods ahead of the permission middleware #24331
Labels
area-api
area-permissions
Issues relating to exposing permissions from the trusted MetaMask context to less-trusted contexts.
INVALID-ISSUE-TEMPLATE
Issue's body doesn't match any issue template.
Ref: MetaMask/metamask-mobile#9492
Some RPC methods, e.g.
wallet_switchEthereumChain
andwallet_addEthereumChain
, are implemented ahead of the permission middleware. This makes it difficult to keep track of our restricted vs. unrestricted methods, while also literally circumventing our permission system. Instead, we should reorder ourjson-rpc-engine
middleware stack such that every method hits the permission middleware, and all unrestricted methods have to be enumerated in this list.The text was updated successfully, but these errors were encountered: