From b5e96341ed8c806c9283be0b6ee86117fb8d570c Mon Sep 17 00:00:00 2001 From: augmentedmode Date: Wed, 18 Dec 2024 22:02:19 -0500 Subject: [PATCH 1/5] fix: caputures main frame origin and appends it to req --- .../lib/createMainFrameOriginMiddleware.js | 17 ++++++++++++++ app/scripts/metamask-controller.js | 23 ++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 app/scripts/lib/createMainFrameOriginMiddleware.js diff --git a/app/scripts/lib/createMainFrameOriginMiddleware.js b/app/scripts/lib/createMainFrameOriginMiddleware.js new file mode 100644 index 000000000000..49323f09e2dd --- /dev/null +++ b/app/scripts/lib/createMainFrameOriginMiddleware.js @@ -0,0 +1,17 @@ +/** + * Returns a middleware that appends the mainFrameOrigin to request + * + * @param {{ mainFrameOrigin: string }} opts - The middleware options + * @returns {Function} + */ + +export default function createMainFrameOriginMiddleware({ mainFrameOrigin }) { + return function mainFrameOriginMiddleware( + /** @type {any} */ req, + /** @type {any} */ _, + /** @type {Function} */ next, + ) { + req.mainFrameOrigin = mainFrameOrigin; + next(); + }; +} diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 8ab78f2c7e92..a0799c85e0ee 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -301,6 +301,7 @@ import { createUnsupportedMethodMiddleware, } from './lib/rpc-method-middleware'; import createOriginMiddleware from './lib/createOriginMiddleware'; +import createMainFrameOriginMiddleware from './lib/createMainFrameOriginMiddleware'; import createTabIdMiddleware from './lib/createTabIdMiddleware'; import { NetworkOrderController } from './controllers/network-order'; import { AccountOrderController } from './controllers/account-order'; @@ -5804,11 +5805,19 @@ export default class MetamaskController extends EventEmitter { tabId = sender.tab.id; } + // Determine if the request is coming from an iframe and set mainFrameOrigin + let mainFrameOrigin = null; + if (sender.frameId && sender.frameId > 0 && sender.tab && sender.tab.url) { + // If sender is an iframe, get the top-level frame's origin + mainFrameOrigin = new URL(sender.tab.url).origin; + } + const engine = this.setupProviderEngineEip1193({ origin, sender, subjectType, tabId, + mainFrameOrigin, }); const dupeReqFilterStream = createDupeReqFilterStream(); @@ -5929,13 +5938,25 @@ export default class MetamaskController extends EventEmitter { * @param {MessageSender | SnapSender} options.sender - The sender object. * @param {string} options.subjectType - The type of the sender subject. * @param {tabId} [options.tabId] - The tab ID of the sender - if the sender is within a tab + * @param {mainFrameOrigin} [options.mainFrameOrigin] - The origin of the main frame if the sender is an iframe */ - setupProviderEngineEip1193({ origin, subjectType, sender, tabId }) { + setupProviderEngineEip1193({ + origin, + subjectType, + sender, + tabId, + mainFrameOrigin, + }) { const engine = new JsonRpcEngine(); // Append origin to each request engine.push(createOriginMiddleware({ origin })); + // Append mainFrameOrigin to each request if present + if (mainFrameOrigin) { + engine.push(createMainFrameOriginMiddleware({ mainFrameOrigin })); + } + // Append selectedNetworkClientId to each request engine.push(createSelectedNetworkMiddleware(this.controllerMessenger)); From 93f20e4831ab1e014e066e1886b6644f0667619f Mon Sep 17 00:00:00 2001 From: augmentedmode Date: Wed, 18 Dec 2024 22:03:12 -0500 Subject: [PATCH 2/5] fix: set mainFrameOrigin to origin if no iframe --- app/scripts/metamask-controller.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index a0799c85e0ee..35dc0ee9d7d1 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -5810,6 +5810,8 @@ export default class MetamaskController extends EventEmitter { if (sender.frameId && sender.frameId > 0 && sender.tab && sender.tab.url) { // If sender is an iframe, get the top-level frame's origin mainFrameOrigin = new URL(sender.tab.url).origin; + } else { + mainFrameOrigin = origin; } const engine = this.setupProviderEngineEip1193({ From 00a28f61ef9d9dac49be75f35f8361d4f31a8367 Mon Sep 17 00:00:00 2001 From: augmentedmode Date: Wed, 18 Dec 2024 22:12:50 -0500 Subject: [PATCH 3/5] fix: js file to ts file --- ...dleware.js => createMainFrameOriginMiddleware.ts} | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) rename app/scripts/lib/{createMainFrameOriginMiddleware.js => createMainFrameOriginMiddleware.ts} (63%) diff --git a/app/scripts/lib/createMainFrameOriginMiddleware.js b/app/scripts/lib/createMainFrameOriginMiddleware.ts similarity index 63% rename from app/scripts/lib/createMainFrameOriginMiddleware.js rename to app/scripts/lib/createMainFrameOriginMiddleware.ts index 49323f09e2dd..0e498859e601 100644 --- a/app/scripts/lib/createMainFrameOriginMiddleware.js +++ b/app/scripts/lib/createMainFrameOriginMiddleware.ts @@ -5,11 +5,15 @@ * @returns {Function} */ -export default function createMainFrameOriginMiddleware({ mainFrameOrigin }) { +export default function createMainFrameOriginMiddleware({ + mainFrameOrigin, +}: { + mainFrameOrigin: string; +}) { return function mainFrameOriginMiddleware( - /** @type {any} */ req, - /** @type {any} */ _, - /** @type {Function} */ next, + req: any, + _res: any, + next: () => void, ) { req.mainFrameOrigin = mainFrameOrigin; next(); From e0eacfe740ff887c756492aaffde00ac12745191 Mon Sep 17 00:00:00 2001 From: augmentedmode Date: Wed, 18 Dec 2024 22:32:59 -0500 Subject: [PATCH 4/5] fix: yarn lint failing for any --- app/scripts/lib/createMainFrameOriginMiddleware.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/scripts/lib/createMainFrameOriginMiddleware.ts b/app/scripts/lib/createMainFrameOriginMiddleware.ts index 0e498859e601..bcbc2cb7d6fd 100644 --- a/app/scripts/lib/createMainFrameOriginMiddleware.ts +++ b/app/scripts/lib/createMainFrameOriginMiddleware.ts @@ -1,3 +1,6 @@ +// Request and responses are currently untyped. +/* eslint-disable @typescript-eslint/no-explicit-any */ + /** * Returns a middleware that appends the mainFrameOrigin to request * From 1cccc5b91ecc5ff47054591d61f1c1f3d2a6bece Mon Sep 17 00:00:00 2001 From: augmentedmode Date: Fri, 20 Dec 2024 09:19:10 -0500 Subject: [PATCH 5/5] fix: cleanup mainframeorigin logic --- app/scripts/metamask-controller.js | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 35dc0ee9d7d1..17821d198cdd 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -5805,13 +5805,10 @@ export default class MetamaskController extends EventEmitter { tabId = sender.tab.id; } - // Determine if the request is coming from an iframe and set mainFrameOrigin - let mainFrameOrigin = null; - if (sender.frameId && sender.frameId > 0 && sender.tab && sender.tab.url) { - // If sender is an iframe, get the top-level frame's origin + let mainFrameOrigin = origin; + if (sender.tab && sender.tab.url) { + // If sender origin is an iframe, then get the top-level frame's origin mainFrameOrigin = new URL(sender.tab.url).origin; - } else { - mainFrameOrigin = origin; } const engine = this.setupProviderEngineEip1193({