Allow working with strict CSPs #31

Open
danfinlay opened this issue Sep 21, 2021 · 18 comments

@danfinlay

TIL: Our current mobile script injection technique violates some CSPs!

I just got off a call with a team that currently can't use MetaMask because their page's CSP refuses to interact with an inline script.

It would help them if we also allowed connecting via a non-injected provider. Maybe we should set up detect-provider to bring its own inpage-provider, so it allows side-stepping this issue.

I'm reaching out to them to see what CSP this might be; I think a safely strict testing CSP might be script-src: 'none'.
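
Added example (not part of the thread and not MetaMask code): a check of whether a page's policy lets an inline script run when it carries no nonce and matches no hash, which is the situation an injected inline provider script is in. The function names and the sample policies are constructed for illustration; the rules follow CSP Level 3 (`script-src-elem`, then `script-src`, then `default-src`).

```javascript
// Added example: does a Content-Security-Policy let an inline <script>
// run when that script carries no nonce and matches no hash?

// Parse one CSP header value into Map<directive-name, source-expression[]>.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // CSP ignores a repeated directive: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// True when the policy allows *any* inline script element.
function allowsArbitraryInlineScript(headerValue) {
  const d = parseCsp(headerValue);
  // Fallback chain for <script> elements.
  const sources =
    d.get('script-src-elem') ?? d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) return true; // no directive governs scripts

  const lower = sources.map((s) => s.toLowerCase());
  // A nonce, a hash, or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  const hasNonceOrHash = lower.some((s) =>
    /^'(nonce|sha256|sha384|sha512)-/.test(s)
  );
  if (hasNonceOrHash || lower.includes("'strict-dynamic'")) return false;
  return lower.includes("'unsafe-inline'");
}

// A page can deliver several policies; a script must pass every one of them.
function allowsUnderAllPolicies(headerValues) {
  return headerValues.every(allowsArbitraryInlineScript);
}

// Constructed sample policies, from permissive to strict.
const SAMPLE_POLICIES = [
  "img-src 'self'",
  "script-src 'self' 'unsafe-inline'",
  "script-src 'self' 'unsafe-inline' 'nonce-r4nd0m'",
  "default-src 'self'",
  "script-src 'none'",
];

for (const policy of SAMPLE_POLICIES) {
  const verdict = allowsArbitraryInlineScript(policy) ? 'runs' : 'blocked';
  console.log(`${verdict.padEnd(8)} ${policy}`);
}
```
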

@mrnerdhair

Same issue here. The issue is that Firefox has decided that page CSPs should apply to code injected by extensions. This means that MM's injected provider stub won't work unless your CSP's script-src includes unsafe-inline, which is (as the name implies) unsafe. The MessagePort to talk to the extension is still available, of course, so the fix is to instantiate an inpage provider if one can't be detected.

On desktop the "built-in" provider will always be injected before user code is run, but that's not true on mobile. It's (probably) not possible to detect whether the page is still waiting for a provider to be injected (i.e. on mobile) or whether the injection of a provider has been blocked by CSP, so it wouldn't be a good experience to wait until the current timeout-based logic fails before setting up an inpage provider for the latter option. shapeshift/web#443 isn't exactly prod-ready, but it does demonstrate a compromise solution using a proxy with a resettable target to return an instantiated provider immediately but swap it out with the injected provider when it arrives. IDK if that's the way to go here but it's at least an option.

If y'all would take a PR for this, we can probably get some attention on it; it's certainly possible to fix at some other layer but this seems like the right place.
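
Added example (not from this thread, from MetaMask, or from shapeshift/web#443): one way to build the "proxy with a resettable target" described in the comment above, which hands callers a provider immediately and re-points it when an injected provider shows up. `createSwappableProvider`, `makeStubProvider` and the stub providers are hypothetical names; the stubs only assume the `on` / `removeListener` / `request` shape of an EIP-1193 provider.

```javascript
// Added example: a provider handle whose backing object can be swapped later.
// Listeners registered through the handle are moved to the new target on swap,
// so callers never hold a reference to a provider that has gone stale.
function createSwappableProvider(initialTarget) {
  let target = initialTarget;
  const listeners = []; // [event, fn] pairs registered through the proxy

  const on = (event, fn) => {
    listeners.push([event, fn]);
    target.on(event, fn);
    return proxy;
  };
  const removeListener = (event, fn) => {
    const i = listeners.findIndex(([e, f]) => e === event && f === fn);
    if (i !== -1) listeners.splice(i, 1);
    target.removeListener(event, fn);
    return proxy;
  };

  const proxy = new Proxy({}, {
    get(_shell, prop) {
      if (prop === 'on') return on;
      if (prop === 'removeListener') return removeListener;
      const value = Reflect.get(target, prop);
      // Bind methods so `this` is the real provider, not the proxy shell.
      return typeof value === 'function' ? value.bind(target) : value;
    },
    has: (_shell, prop) => Reflect.has(target, prop),
  });

  // Re-point the handle, e.g. once the injected provider arrives.
  function swap(nextTarget) {
    for (const [event, fn] of listeners) {
      target.removeListener(event, fn);
      nextTarget.on(event, fn);
    }
    target = nextTarget;
  }

  return { provider: proxy, swap };
}

// Constructed stand-in for a provider object (hypothetical, for the demo only).
function makeStubProvider(label) {
  const handlers = new Map();
  return {
    label,
    on(event, fn) {
      if (!handlers.has(event)) handlers.set(event, new Set());
      handlers.get(event).add(fn);
    },
    removeListener(event, fn) {
      if (handlers.has(event)) handlers.get(event).delete(fn);
    },
    emit(event, payload) {
      for (const fn of handlers.get(event) ?? []) fn(payload);
    },
    async request({ method }) {
      return `${this.label}:${method}`;
    },
  };
}

// Walk through the swap: the page-instantiated provider serves calls first,
// then the injected one takes over without the caller changing anything.
function demo() {
  const inpage = makeStubProvider('inpage');     // built by the page itself
  const injected = makeStubProvider('injected'); // arrives later
  const { provider, swap } = createSwappableProvider(inpage);

  const seen = [];
  provider.on('accountsChanged', (accounts) => seen.push(accounts));

  const before = provider.label;
  inpage.emit('accountsChanged', 'from-inpage');

  swap(injected);
  const after = provider.label;
  inpage.emit('accountsChanged', 'stale');       // must not be delivered
  injected.emit('accountsChanged', 'from-injected');

  return { before, after, seen };
}

console.log(demo());
```
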

@0xean

0xean commented Mar 28, 2022

Shapeshift is adding a bounty to try and move this issue along. We will pay this bounty out to any bounty hunter who successfully is able to raise a PR that: 1) is accepted by the MetaMask team 2) resolves the issue of working with strict CSPs

@0xean

0xean commented Mar 28, 2022

@mrnerdhair

⬆️ We've done some research here and are happy to help out any potential bounty hunters (who could, of course, be MetaMask team members themselves!) however we can; drop us a line and we can help get you spun up.

@Pandapip1

Can Repro:
image

@Pandapip1

I've submitted a PR at MetaMask/metamask-extension#14233. It got locked by mistake though.

@gitcoinbot

gitcoinbot commented Mar 29, 2022

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work has been started.

These users each claimed they can complete the work by 264 years, 4 months from now.
Please review their action plans below:

1) pandapip1 has started work.

I'll look into this. I think it might be possible to modify the CSP header to include a nonce.
2) recep9227 has started work.

I still haven't been able to figure out exactly what I need to do
3) koksymaglo has started work.

This is a very good project to meet up
4) emoo16 has started work.

Jdbdbdbdbd dbksdbbdnxbdbxhdndbxbxbcbc
5) jetsadakon44 has started work.

Welcome to Gboard clipboard, any text you copy will be saved here.
6) mitumaru has started work.

Carbon bamboo repeat rich vivid spend trend grocery donkey usual evidence salad
7) lehuuhieu7777 has started work.

How do I go about earning my bounty
8) montana02 has started work.

I understand that this bounty is contest and I have agreed to keep the funder informed of my progress
9) memo83mk has started work.

Nice i want any coin of the world thanks
10) adler60 has started work.

I will check the CSP and do my best to restore it.
11) amaris101 has started work.

88DB0354F043F7F3584B9DC60000000000000000000000000000000000000000000000000000000000000020000000000000000000000000A9E8BD5F14C553EF8D8215EAD82997560162132D00000000000000000000000000000000000000000000000000000000000000200000000000000000000000005AF278B1C423A320425CD46F3F6E9C08C814BF860000000000000000000000000000000000000000000000000000000000000020000000000000000000000000EB63EE9C8BE4C1D14C6D352FAD5CA8F933BE7AF80000000000000000000000000000000000000000000000000000000000000020000000000000000000000000ECA588E75C8EB0D2322F52C2C90BD525C5A5D93D0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000EF0CFA1DF7ACC83AF898E701839CA7EB72896EB10000000000000000000000000000000000000000000000000000000000000020000000000000000000000000A425F914E2CDC749D686E627325E7B6CD43EFF6D000000000000000000000000000000000000000000000000000000000000002000000000000000000000000091364516D3CAD16E1666261DBDBB39C881DBE9EE000000000000000000000000000000000000000000000000000000000000002000000000000000000000000038A4D889A1979133FBC1D58F970F0953E3715C26000000000000000000000000000000000000000000000000000000000000002000000000000000000000000026F2755277456917544ED13592A807F3560750060000000000000000000000000000000000000000000000000000000000000020000000000000000000000000CE90A7949BB78892F159F428D0DC23A8E3584D750000000000000000000000000000000000000000000000000000000000000020000000000000000000000000442DCCEE68425828C106A3662014B4F131E3BD9B00000000000000000000000000000000000000000000000000000000000000200000000000000000000000002E3BF43C2937925BD3E9F61B0362276255FE30960000000000000000000000000000000000000000000000000000000000000020000000000000000000000000D23C85224940FB5B5148BA212277C8516F31947E000000000000000000000000000000000000000000000000000000000000002000000000000000000000000032573F29F8F407F5C291E0D2CF9B08116A8053C90000000000000000000000000000000000000000000000000000000000000020000000000000000000000000484F2BFE6EA59D667FD5CB29ED259329180D050700000000000000000000000000000000000000000000000000000000
00000020000000000000000000000000FDF9A868134EC587EEEE6BE4C4A3F564DAFBF90B0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000763D5D93F27615AAC852B70549F5877B9219386400000000000000000000000000000000000000000000000000000000000000200000000000000000000000007BEF8662356116CB436429F47E53322B711F4E4200000000000000000000000000000000000000000000000000000000000000200000000000000000000000000938C0A225F59F9AE4F2DB1D7BE7AAEE75DB66540000000000000000000000000000000000000000000000000000000000000020000000000000000000000000D2AF803AD747EA12ACF5AE468056703AE48785B50000000000000000000000000000000000000000000000000000000000000020000000000000000000000000792110D7BAB2273B0C084D4E5A6FDDB9F8CD667300000000000000000000000000000000000000000000000000000000000000200000000000000000000000001DE0C9B91CDD14F3C17518A027877BAFF2003E2B00000000000000000000000000000000000000000000000000000000000000200000000000000000000000007C3D434D79DDDAC3174CE0819F55ED82E02761470000000000000000000000000000000000000000000000000000000000000020000000000000000000000000D75233704795206DE38CC58B77A1F660B5C608960000000000000000000000000000000000000000000000000000000000000020000000000000000000000000571531258FDC9AF3920A1F9067499605890812B9
12) thao7 has started work.

I think this plan is very good, ok, thank you brothers, you are tired now, everyone get some rest
13) zorkil3 has started work.

Can I please receive my reward, or how will I receive it
14) drswim94 has started work.

Anything possible that will have me grow my money and support my family
15) sudarno08 has started work.

0x4651483cf317E06ED7A44d5CE3Dc0A04Af1c2Ef4
16) przemek1553662771 has started work.

0x4651483cf317E06ED7A44d5CE3Dc0A04Af1c2Ef4
17) lenanazarevich has started work.

Trying my hand here for the first time. Don't judge too harshly. Good luck to everyone

Learn more on the Gitcoin Issue Details page.

@gitcoinbot

gitcoinbot commented Mar 29, 2022

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work for 2000.0 FOX (304.8 USD @ $0.15/FOX) has been submitted by:

  1. @recep9227
  2. @koksymaglo
  3. @pandapip1
  4. @lehuuhieu7777
  5. @mitumaru
  6. @thao7
  7. @sudarno08
  8. @przemek1553662771
  9. @dat999999

@0xean please take a look at the submitted work:


@MBMaria

MBMaria commented Jun 15, 2022

Is this still an open bounty?

@Pandapip1

I believe so.

@mrnerdhair

Everyone / @MBMaria / @0xean :

Having seen no useful progress on this issue so far -- and in the face of internal reprioritizations -- we're withdrawing this bounty. :(

@MBMaria

MBMaria commented Jun 29, 2022

Thanks for the update @mrnerdhair. Will make the necessary changes. Hope all goes well for your dad's surgery, and hope to still see you around the DAO! Best of luck.

@xgambitox

We also at yearn.finance have this issue while connecting a wallet using Metamask mobile since we disallow inline scripts on CSP for security reasons. Other protocols that harden their web app security will also have this issue.

An alternative could be bundling the script and serving it from a domain that apps can whitelist in the script-src, and also using SRI to validate its integrity.

@naugtur

naugtur commented Jun 13, 2023

Hi everyone. I think I have a solution for this. Gotta work on it a bit more with the mobile team. Keep an eye out for updates.

@mrnerdhair @xgambitox @MBMaria

@renzor-fist

renzor-fist commented Feb 1, 2024

We have a strict CSP (sets nonces on script tags) that breaks Metamask in Firefox but doesn't break in Chrome. Has anyone noticed this?

@xgambitox

> We have a strict CSP (sets nonces on script tags) that breaks Metamask in Firefox but doesn't break in Chrome. Has anyone noticed this?

Firefox is more strict in its policies: it blocks inline scripts injected by add-ons, which is not the case in Chrome with extensions. The issue around it seems to still be open here: MetaMask/metamask-extension#3133

I ended up implementing a workaround by adding the needed code directly into the repo. You can check it out here if it helps, but it most likely needs to be updated as the repo is no longer maintained: yearn/yearn-finance-v3#739

@renzor-fist

Thanks for the advice @xgambitox . I'm trying to trace back your code to the metamask implementation. Do you know where you pulled the code in src/core/frameworks/metamask/index.ts from?

@xgambitox

> Thanks for the advice @xgambitox . I'm trying to trace back your code to the metamask implementation. Do you know where you pulled the code in src/core/frameworks/metamask/index.ts from?

It's an adaptation of what the metamask extension itself executes when it injects its code. Have a look at https://github.com/MetaMask/metamask-extension/blob/030d8cb62d90f9dbdf2f82ef17d72f15fbdd986a/app/scripts/inpage.js#L54
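
The cases discussed in this thread (an injected inline script under a nonce-based CSP, and a provider script served from an allowlisted domain) can be checked with a simplified model of `script-src` matching. This is an added example, not code from MetaMask or any project mentioned here; the origins, the nonce value and the `inpage.js` path are constructed, and `'strict-dynamic'`, hash matching, wildcards and path matching are left out.

```javascript
// Simplified script-src evaluator (added example; constructed values throughout).
function scriptSources(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  // script-src falls back to default-src; neither present means no restriction.
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

function isScriptAllowed(policy, script, pageOrigin) {
  const sources = scriptSources(policy);
  if (sources === null) return true;
  // A matching nonce admits both inline and external scripts.
  if (script.nonce && sources.includes(`'nonce-${script.nonce}'`)) return true;
  if (script.inline) {
    // 'unsafe-inline' is ignored as soon as the policy lists a nonce or a hash.
    const strict = sources.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    return !strict && sources.includes("'unsafe-inline'");
  }
  // External script: compare its origin with 'self' and plain origin sources.
  const origin = new URL(script.src, pageOrigin).origin;
  return sources.some((s) =>
    s === "'self'" ? origin === pageOrigin : !s.startsWith("'") && s === origin);
}

const PAGE = 'https://app.example'; // constructed page origin
const NONCE_POLICY = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'";
const HOSTED_POLICY = "script-src 'self' 'nonce-r4nd0m' https://provider.example";

const injectedInline = { inline: true }; // injected inline script, carries no nonce
const pageInline = { inline: true, nonce: 'r4nd0m' }; // the page's own nonced script
const hostedProvider = { inline: false, src: 'https://provider.example/inpage.js' };

function demo() {
  return {
    injectedInlineUnderNoncePolicy: isScriptAllowed(NONCE_POLICY, injectedInline, PAGE),
    pageInlineUnderNoncePolicy: isScriptAllowed(NONCE_POLICY, pageInline, PAGE),
    hostedProviderUnderNoncePolicy: isScriptAllowed(NONCE_POLICY, hostedProvider, PAGE),
    hostedProviderWhenAllowlisted: isScriptAllowed(HOSTED_POLICY, hostedProvider, PAGE),
  };
}
console.log(demo());
```

In the allowlisted case, the `<script>` tag would also carry an `integrity` attribute if SRI is used as suggested above; that check is separate from CSP and is not modelled here.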
