Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop implementing RPC methods ahead of the permission middleware #24331

Open
rekmarks opened this issue May 1, 2024 · 0 comments · May be fixed by #24472
Open

Stop implementing RPC methods ahead of the permission middleware #24331

rekmarks opened this issue May 1, 2024 · 0 comments · May be fixed by #24472
Labels
area-api area-permissions Issues relating to exposing permissions from the trusted MetaMask context to less-trusted contexts. INVALID-ISSUE-TEMPLATE Issue's body doesn't match any issue template.

Comments

@rekmarks
Copy link
Member

rekmarks commented May 1, 2024
edited

Ref: MetaMask/metamask-mobile#9492

Some RPC methods, e.g. wallet_switchEthereumChain and wallet_addEthereumChain, are implemented ahead of the permission middleware. This makes it difficult to keep track of our restricted vs. unrestricted methods, while also literally circumventing our permission system. Instead, we should reorder our json-rpc-engine middleware stack such that every method hits the permission middleware, and all unrestricted methods have to be enumerated in this list.
@metamaskbot metamaskbot added the INVALID-ISSUE-TEMPLATE Issue's body doesn't match any issue template. label May 1, 2024
@rekmarks rekmarks mentioned this issue May 1, 2024
Closed
@rekmarks rekmarks added area-permissions Issues relating to exposing permissions from the trusted MetaMask context to less-trusted contexts. area-api labels May 10, 2024
@rekmarks rekmarks linked a pull request May 10, 2024 that will close this issue
Draft
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-api area-permissions Issues relating to exposing permissions from the trusted MetaMask context to less-trusted contexts. INVALID-ISSUE-TEMPLATE Issue's body doesn't match any issue template.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Place permission middleware ahead of all method implementations MetaMask/metamask-extension
2 participants
@rekmarks @metamaskbot