[Bug]: Site URL value is undefined for any Approve Transaction triggered by a Deeplink
#5570
Comments
seaona
changed the title
undefined for any Transaction triggered by a Deeplinkundefined for any Approve Transaction triggered by a Deeplink
seaona
added
the
team-confirmations-secure-ux
|
On the confirmation itself, it's showing as |
|
Wondering what the fix might be - cc: @holantonela this will need design for the Do we have docs on the deeplink and what parameters are passed on it? |
|
@bschorchit from what I've seen, there are 3 different type of deeplinks:
You can generate deeplinks here. |
|
Thanks for reporting this @seaona! Since Another option is allowing deeplink generators to use a specific label to expose as an "Requester/Origin name". It may be maliciously used by impersonators, opening another hell thread. Orthogonal: Are we passing all the transaction parameters clean in that deeplink? Could be obfuscate that data? https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url |
|
Ok, so based on Antonela's comment above (thank you!!), here's the scope for the fix:
1st screenshot (origin pill): 2nd screenshot (site url): I'm leaving the obfuscating part out of scope as there might be needed some discussion and input from Andre and Ezgi that doesn't block the above fix. |
bschorchit
added
the
Sev2-normal
|
@bschorchit @seaona A simple |
## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> When the transaction origin is `qr-code`, we shouldn't show the origin pill. See ref [5570](#5570 (comment)) ## **Related issues** Fixes: #7545 Bitrise: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/07a2a3fd-2fff-4242-a754-e8f45d455cb4 ## **Manual testing steps** 1. Select Mainnet 2. Trigger a Deeplink 3. See domain pill appears with the selected address  ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before**  ### **After**  ## **Pre-merge author checklist** - [x] I’ve followed [MetaMask Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've clearly explained what problem this PR is solving and how it is solved. - [x] I've linked related issues - [x] I've included manual testing steps - [x] I've included screenshots/recordings if applicable - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). - [x] I’ve properly set the pull request status: - [x] In case it's not yet "ready for review", I've set it to "draft". - [x] In case it's "ready for review", I've changed it from "draft" to "non-draft". ## **Pre-merge reviewer checklist** - [x] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [x] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
Describe the bug
Site URL value is undefined for any Approve Transaction triggered by a Deeplink
Screenshots
If applicable, add screenshots or links to help explain your problem
undefined-site-url-deeplink.mp4
To Reproduce
Steps to reproduce the behavior
undefinedExpected behavior
Not sure what should be the appropiate value though. Should we display something like
Depplinkor similar?Smartphone (please complete the following information):
to be added after bug submission by internal support / PM
Severity
The text was updated successfully, but these errors were encountered: