
fix: Add main frame URL property to req object whenever req is triggered from an iframe #29337

Merged
merged 6 commits into from
Dec 20, 2024

@AugmentedMode (Contributor) commented Dec 19, 2024

Description

See the attached issue in metamask planning for more details.


Related issues

Fixes:

Manual testing steps

  1. Go to https://develop.d3bkcslj57l47p.amplifyapp.com/
  2. Click on Proceed anyways (This phishing warning page here is expected)
  3. Open the network tab to monitor network requests
  4. Connect your wallet and click on a signature or transaction
  5. Verify that mainFrameOrigin is included in the payload of the network request to the security alerts API

Screenshots/Recordings

Below are screenshots demonstrating the behavior of a test HTML page I created:

  1. In the first screenshot, before the iframe is loaded, the console shows only the origin of the main frame.
  2. In the second screenshot, after clicking the button to load an iframe pointing to example.com, the solution correctly identifies both the mainFrameOrigin (main frame) and the origin (iframe).

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
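
A sketch of the behaviour the description reports (a top-level request carries only `origin`, a request from an iframe carries both `origin` and `mainFrameOrigin`), as an added example that is not code from this PR or from MetaMask. It assumes the sender object has the WebExtension `runtime.MessageSender` fields `url`, `frameId` and `tab.url`; `safeOrigin`, `describeRequestSource` and `originsToScreen` are hypothetical names.

```javascript
// Added example, not MetaMask's code. `sender` is assumed to look like a
// WebExtension runtime.MessageSender: { url, frameId, tab: { url } }.

// Serialized origin of a URL, or null when it cannot be parsed or is opaque
// (about:blank, data:, sandboxed frames all serialize to the string "null").
function safeOrigin(rawUrl) {
  try {
    const { origin } = new URL(rawUrl);
    return origin === 'null' ? null : origin;
  } catch {
    return null;
  }
}

// Hypothetical helper: origin fields to attach to a request.
//   origin          - the frame that sent the request
//   mainFrameOrigin - the top-level page, present only for sub-frame requests
function describeRequestSource(sender) {
  const meta = { origin: safeOrigin(sender.url) };
  if (typeof sender.frameId === 'number' && sender.frameId !== 0) {
    // tab.url is the top-level document, however deeply the frame is nested.
    meta.mainFrameOrigin = safeOrigin(sender.tab && sender.tab.url);
  }
  return meta;
}

// Hypothetical helper: distinct, usable origins a security check should screen.
function originsToScreen(meta) {
  return [...new Set([meta.mainFrameOrigin, meta.origin].filter(Boolean))];
}

// Constructed sample senders (host.test and dapp.test are made-up hosts).
const SAMPLE_SENDERS = {
  topLevel: { frameId: 0, url: 'https://dapp.test/app', tab: { url: 'https://dapp.test/app' } },
  crossOriginFrame: { frameId: 7, url: 'https://example.com/widget', tab: { url: 'https://host.test/landing?x=1' } },
  sameOriginFrame: { frameId: 3, url: 'https://host.test/embed', tab: { url: 'https://host.test/' } },
  opaqueFrame: { frameId: 9, url: 'about:blank', tab: { url: 'https://host.test/' } },
};

for (const [name, sender] of Object.entries(SAMPLE_SENDERS)) {
  const meta = describeRequestSource(sender);
  console.log(name, JSON.stringify(meta), originsToScreen(meta));
}
```

The opaque-frame case shows why the top-level origin matters to a screening service: the frame's own origin is unusable there, and only `mainFrameOrigin` identifies the page the user is actually on.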

@AugmentedMode AugmentedMode self-assigned this Dec 19, 2024
@AugmentedMode AugmentedMode marked this pull request as draft December 19, 2024 03:04

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added the team-product-safety Push issues to Product Safety team label Dec 19, 2024
@AugmentedMode AugmentedMode changed the title Fix/capture main frame origin on req Fix: Add main frame URL property to req object whenever req is triggered from an iframe Dec 19, 2024
@AugmentedMode AugmentedMode changed the title Fix: Add main frame URL property to req object whenever req is triggered from an iframe fix: Add main frame URL property to req object whenever req is triggered from an iframe Dec 19, 2024
@metamaskbot (Collaborator) commented:

Builds ready [e0eacfe]
Page Load Metrics (1760 ± 95 ms)
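| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | StandardDeviation (ms) | MarginOfError (ms) |
|---|---|---|---|---|---|---|---|
| Chrome | Home | firstPaint | 259 | 2043 | 1618 | 474 | 228 |
| Chrome | Home | domContentLoaded | 1448 | 2024 | 1726 | 186 | 89 |
| Chrome | Home | load | 1453 | 2102 | 1760 | 198 | 95 |
| Chrome | Home | domInteractive | 24 | 71 | 39 | 15 | 7 |
| Chrome | Home | backgroundConnect | 8 | 72 | 27 | 20 | 9 |
| Chrome | Home | firstReactRender | 16 | 74 | 36 | 21 | 10 |
| Chrome | Home | getState | 5 | 65 | 21 | 21 | 10 |
| Chrome | Home | initialActions | 0 | 0 | 0 | 0 | 0 |
| Chrome | Home | loadScripts | 1016 | 1529 | 1271 | 157 | 75 |
| Chrome | Home | setupStore | 6 | 74 | 16 | 18 | 8 |
| Chrome | Home | uiStartup | 1680 | 2421 | 2023 | 233 | 112 |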
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 742 Bytes (0.01%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@AugmentedMode AugmentedMode marked this pull request as ready for review December 20, 2024 14:19
@metamaskbot (Collaborator) commented:

Builds ready [e2eb74b]
Page Load Metrics (1532 ± 33 ms)
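| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | StandardDeviation (ms) | MarginOfError (ms) |
|---|---|---|---|---|---|---|---|
| Chrome | Home | firstPaint | 1420 | 1707 | 1541 | 67 | 32 |
| Chrome | Home | domContentLoaded | 1405 | 1689 | 1515 | 66 | 32 |
| Chrome | Home | load | 1414 | 1708 | 1532 | 68 | 33 |
| Chrome | Home | domInteractive | 23 | 77 | 37 | 18 | 9 |
| Chrome | Home | backgroundConnect | 7 | 73 | 18 | 15 | 7 |
| Chrome | Home | firstReactRender | 16 | 83 | 38 | 25 | 12 |
| Chrome | Home | getState | 4 | 56 | 22 | 19 | 9 |
| Chrome | Home | initialActions | 0 | 1 | 0 | 0 | 0 |
| Chrome | Home | loadScripts | 1018 | 1293 | 1116 | 69 | 33 |
| Chrome | Home | setupStore | 6 | 74 | 16 | 20 | 10 |
| Chrome | Home | uiStartup | 1575 | 2197 | 1803 | 163 | 78 |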
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 716 Bytes (0.01%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@AugmentedMode AugmentedMode added this pull request to the merge queue Dec 20, 2024
Merged via the queue into main with commit 695d0db Dec 20, 2024
83 checks passed
@AugmentedMode AugmentedMode deleted the fix/capture-main-frame-origin-on-req branch December 20, 2024 17:51
@github-actions github-actions bot locked and limited conversation to collaborators Dec 20, 2024
@metamaskbot metamaskbot added the release-12.11.0 Issue or pull request that will be included in release 12.11.0 label Dec 20, 2024