Originally reported here: #17707 (comment)
As we've added support for SIWE, we have blocked users from signing messages with a domain mismatch for security reasons - preventing phishing attacks as proposed in the SIWE spec.
Although this was the correct decision on the user-facing side, we might have made developers' work a lot more complicated with this change (see link above).
Therefore, while we should not make changes on the end user side (as allowing for domain mismatch would reintroduce the phishing attack vector), we could enable developers to work around this block in order to facilitate their work.
Adding a toggle in advanced settings and communicating its existence through the error thrown in the console (similar to what we currently do for eth_sign #17308) could be a potential solution for this. But the DevEx team is best suited to propose the ideal solution here.
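
For reference, a sketch of the domain-binding check discussed above, as an added example that is not the wallet's own code. The function names, the result shape and the sample message are assumptions made for illustration; the header line format follows the SIWE spec (EIP-4361).

```javascript
// Added example: SIWE (EIP-4361) domain-binding check. All names are hypothetical.
const HEADER_RE =
  /^(?:([a-zA-Z][a-zA-Z0-9+.-]*):\/\/)?(\S+) wants you to sign in with your Ethereum account:$/;

// Pull the optional scheme and the domain (host[:port]) out of the first line.
function parseSiweHeader(message) {
  const m = HEADER_RE.exec(message.split('\n', 1)[0]);
  return m ? { scheme: m[1] || null, domain: m[2] } : null;
}

// Compare the domain claimed in the message with the origin that sent the request.
// `reason` is the kind of text a wallet could surface in a console error.
function checkSiweDomain(message, requestOrigin) {
  const header = parseSiweHeader(message);
  if (!header) return { isSiwe: false, ok: false, reason: 'not a SIWE message' };
  // Userinfo, path, query or fragment could make the displayed domain misleading.
  if (/[@\/?#]/.test(header.domain)) {
    return { isSiwe: true, ok: false, reason: 'domain is not a bare host[:port]' };
  }
  let origin, claimed;
  try {
    origin = new URL(requestOrigin);
    // Parse with the origin's scheme so case and default ports are normalized.
    claimed = new URL(`${origin.protocol}//${header.domain}`);
  } catch {
    return { isSiwe: true, ok: false, reason: 'unparseable origin or domain' };
  }
  if (header.scheme && `${header.scheme.toLowerCase()}:` !== origin.protocol) {
    return { isSiwe: true, ok: false, reason: 'scheme mismatch' };
  }
  if (claimed.host !== origin.host) {
    const reason = `domain mismatch: message says ${claimed.host}, request came from ${origin.host}`;
    return { isSiwe: true, ok: false, reason };
  }
  return { isSiwe: true, ok: true, reason: null };
}

// Constructed sample message (address, nonce and timestamp are placeholders).
const SAMPLE_MESSAGE = [
  'example.com wants you to sign in with your Ethereum account:',
  '0x0000000000000000000000000000000000000000',
  '',
  'Sign in (constructed sample).',
  '',
  'URI: https://example.com/login',
  'Version: 1',
  'Chain ID: 1',
  'Nonce: 12345678',
  'Issued At: 2024-01-01T00:00:00.000Z',
].join('\n');
```

Called with `SAMPLE_MESSAGE` and the origin `http://localhost:3000`, the check fails with a domain-mismatch reason, which is the local-development case this issue is about.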