Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## develop #22275 +/- ##
===========================================
- Coverage 67.90% 67.80% -0.10%
===========================================
Files 1071 1069 -2
Lines 41378 41334 -44
Branches 11112 11104 -8
===========================================
- Hits 28096 28023 -73
- Misses 13282 13311 +29 ☔ View full report in Codecov by Sentry. |
Builds ready [0e09033]
Page Load Metrics (1079 ± 127 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Builds ready [247ff78]
Page Load Metrics (1356 ± 203 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
|
Testing with a ledger device on the latest Chrome, I see this message on the background (and offscreen) console. Can you help me understand what I may have done wrong? 
|
After another trial, I couldn't reproduce this error again. Tested manually and it works on both nano x and s plus. LGTM |
Builds ready [359627f]
Page Load Metrics (1344 ± 139 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
| async getKeyringForDevice(deviceName, hdPath = null) { | ||
| const keyringOverrides = this.opts.overrides?.keyrings; | ||
| let keyringName = null; | ||
| console.log(deviceName); |
| action: LedgerAction.makeApp, | ||
| }, | ||
| (response) => { | ||
| if (response.success) { |
There was a problem hiding this comment.
I notice this if else block is different from what is currently on the main branch on the eth-ledger-bridge-keyring repo. Is that expected?
There was a problem hiding this comment.
Its mostly expected, I will add an else if error with a catch for if neither success or error is defined.
There was a problem hiding this comment.
replicated the else catch for a missing error
| messageId, | ||
| }; | ||
|
|
||
| // It has already been checked that they are not null above, so the |
There was a problem hiding this comment.
It was checked, but this code is still run since the if(!iframe?.contentWindow) block doesn't short circuit. Should it return false?
There was a problem hiding this comment.
That's a really good catch @davidmurdoch :D
There was a problem hiding this comment.
Thanks for that, it now returns early in this case
offscreen/scripts/ledger-iframe.ts
Outdated
| // It has already been checked that they are not null above, so the | ||
| // optional chaining here is for compiler typechecking only. This avoids | ||
| // overriding our non-null assertion rule. | ||
| iframe?.contentWindow?.postMessage(iframeMsg, '*'); |
There was a problem hiding this comment.
| iframe?.contentWindow?.postMessage(iframeMsg, '*'); | |
| iframe?.contentWindow?.postMessage(iframeMsg, LEDGER_FRAME_ORIGIN_URL); |
IMPORTANT ☝️
There was a problem hiding this comment.
(otherwise, external potentially breached realms can redirect the location of this iframe to a malicious one and still receive the message)
offscreen/scripts/ledger-iframe.ts
Outdated
| window.addEventListener('message', ({ origin, data }) => { | ||
| if (origin !== LEDGER_FRAME_ORIGIN_URL) { |
There was a problem hiding this comment.
| window.addEventListener('message', ({ origin, data }) => { | |
| if (origin !== LEDGER_FRAME_ORIGIN_URL) { | |
| window.addEventListener('message', ({ origin, data, source }) => { | |
| if (origin !== LEDGER_FRAME_ORIGIN_URL || source !== iframe?.contentWindow) { |
Would be a great touch (for that to work, const iframe = document.querySelector('iframe') should be moved to the upper scope, but that shouldn't cause too much trouble)
| <iframe src="./trezor-iframe.html"></iframe> | ||
| <iframe src="./ledger-iframe.html"></iframe> |
There was a problem hiding this comment.
Would this security hardening work?
| <iframe src="./trezor-iframe.html"></iframe> | |
| <iframe src="./ledger-iframe.html"></iframe> | |
| <iframe sandbox="" src="./trezor-iframe.html"></iframe> | |
| <iframe sandbox="" src="./ledger-iframe.html"></iframe> |
Or does it clash with the rest of the logic introduced in this PR? Could be a nice touch. Weird, because the origin of the content of the iframe is at a similar trust level of the code that loads it, but if such isolation costs us nothing, it could only add security without giving up on anything.
There was a problem hiding this comment.
adding this property caused two things: Before the iframe would show up in the extension manifest in the extension manager, and it received communication from the offscreen document. After setting it both those things stopped working. For those reasons I did not add this hardening to the PR
There was a problem hiding this comment.
Fair enough, that was a long shot - thanks for trying!
I'm not too worried about that honestly, would have been nice but far from required
Builds ready [d73f19e]
Page Load Metrics (1348 ± 160 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Description
Adds the ledger-iframe to the offscreen document and establishes MV3 support for ledger. This is done by the following method:
In addition some more cleanup of the #18794 deprecation of u2f and ledger live. We no longer support setting any other method than the browsers lowest level method for connecting. For chrome webhid is the gold standard, for firefox which doesn't support webhid we use u2f. There were still a number of places in the code that reference the transportType from preferences and migrations were done to change the value for many users when we only need to know what the support for those two protocols are.
So firstly it changes the setLedgerTransportPreference to not take an input, but rather just uses the browsers support of navigator.hid to determine whether to use webhid or u2f. When #18794 landed service workers did not have access to webhid, now they do, so this is a viable approach. I also added deprecation messages where appropriate. In a future PR we should go through and remove any usages of the preference. Ideally we'd also set the transport type for the ledger device closer to the bridge, however i'm not familiar with the unlock mechanism of the keyring and trying to do this was causing issues with the mv3 connectivity.
Related issues
Fixes #17724 - No longer relevant because background/service workers have access to window.navigator.webhid
Fixes #21624 - Connects ledger to offscreen doc
Screenshots/Recordings
Manual testing steps
yarn start:mv3Pre-merge author checklist
Pre-merge reviewer checklist