EIP-1102: Opt-in provider access #4703
Conversation
bitpshr
force-pushed
the
eip-1102
branch
2 times, most recently
from
a05b070 to
ef27fe9
Compare
|
For sites that currently rely on web3:
|
There was a problem hiding this comment.
This looks great. I added a few comments, none very blocking (although restoring e2e tests is important).
The biggest thing for me that we need to do is decisively agree on when to cut over to this. I suspect we need some of the strongest dapp-dev communication we've ever employed for this, because it will instantly break every dapp out there until they add at least one line of JS to their code.
The good news is this one line is so easy. We should tweet it out. We should get people adding it to their dapps ASAP.
app/_locales/en/messages.json
Outdated
| "message": "Please review this web3 API request." | ||
| }, | ||
| "web3RequestInfo": { | ||
| "message": "The domain listed below is attempting to request access to the web3 API so it can interact with the Ethereum blockchain. Always double check that you're on the correct site before approving web3 access." |
There was a problem hiding this comment.
I bet we could punch this up a bit, we might want to workshop it.
I'm fine with the current draft for now. Might be worth discussing in the design meeting. @cjeria?
One pass:
The domain listed below is requesting access to the web3 API so it can interact with the Ethereum blockchain and view your current account. Always double check that you're on the correct site before approving web3 access.
app/scripts/metamask-controller.js
Outdated
| */ | ||
| handleWeb3Request (requestedOrigin) { | ||
| const { openPopup } = this.opts | ||
| this.memStore.updateState({ pendingWeb3Requests: [requestedOrigin] }) |
There was a problem hiding this comment.
Probably worth moving into its own controller long-term. Non-blocking, this works for MVP.
test/e2e/metamask.spec.js
Outdated
| assert.equal(await tokenBalance.getText(), '100 TST') | ||
| }) | ||
| }) | ||
| // describe('Token Factory', function () { |
There was a problem hiding this comment.
Would prefer to include the injection request as part of the e2e tests. Maybe @tmashuang could take a pass at this?
|
For consistency: I notice EIP 1102 names its message 'ETHEREUM_PROVIDER_REQUEST', and here we have 'WEB3_API_REQUEST'. I think we should maintain consistency between the two. |
|
It might also make sense to add our usual titlebar to this window, with the logo and the name "MetaMask", just to help clarify to the user who is asking. |
|
@danfinlay thanks for the review. I took care of all feedback except for adding the titlebar to the approval popup window. Since the popup isn't network-specific, the main function of the titlebar would only be to hold a logo. I agree that a logo would help inform users, but I feel that we should stay consistent with how we also brand transaction approval popups (at least for this PR.) Updates to this PR:
What this PR means to dapps:
Release comments:
This is going to be a jarring change for dapp developers. MetaMask and other Ethereum-enabled DOM environments are unique in that it's difficult to version changes: extensions (and desktop applications) are usually evergreen, meaning that once a feature is released, downstream users can't selectively pick up that feature as they could if this were, say, an NPM module that could be versioned as downstream projects see fit. Still, it's an extremely necessary change for security purposes. I feel that a sufficient explanation, hand-holding via example code, a lengthy grace period, and buy-in from other dapp browsers will go a long way with our active developer base. I'm happy to author the relevant blog post(s) and to spread awareness throughout the community. Edit: Ah, forgot e2e tests. Need to trigger |
app/_locales/ru/messages.json
Outdated
| "message": "Одобрить" | ||
| }, | ||
| "reject": { | ||
| "message": "отклонять" |
app/_locales/ru/messages.json
Outdated
| "message": "Просмотрите этот запрос API web3." | ||
| }, | ||
| "providerRequestInfo": { | ||
| "message": "Домен, указанный ниже, пытается запросить доступ к API-интерфейсу web3, чтобы он мог взаимодействовать с блок-цепочкой Ethereum. Всегда проверяйте, что вы находитесь на правильном сайте, прежде чем одобрять доступ к веб-сайту." |
There was a problem hiding this comment.
Домен, указанный ниже, пытается запросить доступ к API-интерфейсу web3, чтобы он мог взаимодействовать с блокчейном Ethereum. Всегда проверяйте, что вы находитесь на правильном сайте, прежде чем одобрять доступ к веб-сайту.
Seems like a good idea - do we need design for this? |
bitpshr
force-pushed
the
eip-1102
branch
9 times, most recently
from
43e8583 to
fa1192d
Compare
bitpshr
changed the title
|
@Grsmto It would also be nice to see the blog post linked to from the console warning updated. The current released version doesn't even have the privacy mode option to ease testing, and the public statements still remain that instead of a phased roll-out it'll be an all-of-a-sudden change applying to everyone by default, to take effect on a now-passed date. I've already heard some devs say that their dapp is continuing to function fine well after that announced change date, so they must be done and not have anything more to worry about (moving on to the next order of business now...) when the dapp is definitely NOT ready. Updating the blog post with a revised timeline or note that it's on indefinite hold, and noting that once the privacy mode setting is released it'll be off by default for a while to permit dapp changes and testing (hoping that's true!) would be very helpful. Also, devs who did integrate the needed changes early are getting burned by last-minute breaking changes in the breaking change, underscoring the incentive to wait until MetaMask has decided and implemented how this new behavior will work. |
|
Bug in latest build: Metamask state: Locked, Privacy mode OFF
My understanding is that this screen should not be seen if the user has not opted in. |
|
Thanks for the report, @derrickpelletier, I actually just found this too, discussing/fixing here: #5679 |
|
@bdresser When Privacy Mode is added as an option, is it going to be on by default (per description in the public blog post) or off by default (per responses to @hayesgm above) to allow developers to adapt their dapps based on what the actual implementation is, as the adaptation actually needed has apparently been changing quickly within the past few days? I would highly recommend updating the blog post about what's happening, without waiting for the PR to be merged! Thanks for supporting better privacy. |
|
@wbt the blog post states
The wording in the subtitle could have been misinterpreted; I've updated it to clarify 😄 |
|
Could you make a new blog post when this will be final? |
|
@bdresser As far as what I'm seeing, the subtitle says, emphasis added:
How about:
|
|
@bitpshr What is website doesn't request or user rejects request? Will website have access to network (for example watching blocks, getting other addresses, interacting with contracts) but without user accounts? |
|
Hi @filips123. Yes, your understanding is correct: dapps can only initiate RPC calls that don't require user accounts until account access is approved. |
ghost
mentioned this pull request
|
Please open up new issues for related topics and questions |
This pull request includes a fully-updated EIP-1102 implementation:
window.ethereumenablemethodenableshows user approval UINote: This pull request depends on MetaMask/eth-json-rpc-middleware#5.
Required next steps
Example detection code
https://gist.github.com/bitpshr/076b164843f0414077164fe7fe3278d9
Blog post
https://medium.com/metamask/https-medium-com-metamask-breaking-change-injecting-web3-7722797916a8
Example
Cached domain approval
Resolves #3930
Refs #714