Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Add main frame URL property to req object whenever req is triggered from an iframe #29337

Merged
merged 6 commits into from
Dec 20, 2024
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions app/scripts/lib/createMainFrameOriginMiddleware.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
// Request and responses are currently untyped.
/* eslint-disable @typescript-eslint/no-explicit-any */

/**
* Returns a middleware that appends the mainFrameOrigin to request
*
* @param {{ mainFrameOrigin: string }} opts - The middleware options
* @returns {Function}
*/

export default function createMainFrameOriginMiddleware({
mainFrameOrigin,
}: {
mainFrameOrigin: string;
}) {
return function mainFrameOriginMiddleware(
req: any,
_res: any,
next: () => void,
) {
req.mainFrameOrigin = mainFrameOrigin;
next();
};
}
25 changes: 24 additions & 1 deletion app/scripts/metamask-controller.js
Original file line number Diff line number Diff line change
Expand Up @@ -301,6 +301,7 @@ import {
createUnsupportedMethodMiddleware,
} from './lib/rpc-method-middleware';
import createOriginMiddleware from './lib/createOriginMiddleware';
import createMainFrameOriginMiddleware from './lib/createMainFrameOriginMiddleware';
import createTabIdMiddleware from './lib/createTabIdMiddleware';
import { NetworkOrderController } from './controllers/network-order';
import { AccountOrderController } from './controllers/account-order';
Expand Down Expand Up @@ -5804,11 +5805,21 @@ export default class MetamaskController extends EventEmitter {
tabId = sender.tab.id;
}

// Determine if the request is coming from an iframe and set mainFrameOrigin
let mainFrameOrigin = null;
if (sender.frameId && sender.frameId > 0 && sender.tab && sender.tab.url) {
// If sender is an iframe, get the top-level frame's origin
mainFrameOrigin = new URL(sender.tab.url).origin;
} else {
mainFrameOrigin = origin;
}
AugmentedMode marked this conversation as resolved.
Show resolved Hide resolved

const engine = this.setupProviderEngineEip1193({
origin,
sender,
subjectType,
tabId,
mainFrameOrigin,
});

const dupeReqFilterStream = createDupeReqFilterStream();
Expand Down Expand Up @@ -5929,13 +5940,25 @@ export default class MetamaskController extends EventEmitter {
* @param {MessageSender | SnapSender} options.sender - The sender object.
* @param {string} options.subjectType - The type of the sender subject.
* @param {tabId} [options.tabId] - The tab ID of the sender - if the sender is within a tab
* @param {mainFrameOrigin} [options.mainFrameOrigin] - The origin of the main frame if the sender is an iframe
*/
setupProviderEngineEip1193({ origin, subjectType, sender, tabId }) {
setupProviderEngineEip1193({
origin,
subjectType,
sender,
tabId,
mainFrameOrigin,
}) {
const engine = new JsonRpcEngine();

// Append origin to each request
engine.push(createOriginMiddleware({ origin }));

// Append mainFrameOrigin to each request if present
if (mainFrameOrigin) {
engine.push(createMainFrameOriginMiddleware({ mainFrameOrigin }));
}

// Append selectedNetworkClientId to each request
engine.push(createSelectedNetworkMiddleware(this.controllerMessenger));

Expand Down
Loading