fix: watch asset origin metadata

[pedronfigueiredo]

Pass page meta and origin into watchAsset approvals so the UI displays the requesting dapp instead of the active tab.

Description

Changelog

CHANGELOG entry:

Related issues

Fixes: https://github.com/MetaMask/mobile-planning/issues/2395

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I’ve followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Aligns watch-asset requests with the requesting dapp’s metadata so approvals display the correct origin.

• Plumbs pageMeta (url/title/icon/channelId/analytics) through RPC middleware into wallet_watchAsset; derive origin from pageMeta.url or hostname.
• In wallet_watchAsset, sanitize pageMeta via getSafeJson and forward origin, pageMeta, and requestMetadata to TokensController.watchAsset; adjust tests to assert these fields.
• UI: ApproveTransactionHeader url now falls back to currentPageInformation?.url ?? activeTabUrl to show the requesting page.

^{Written by Cursor Bugbot for commit 3051d87. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeNetworkAbstractions, SmokeConfirmationsRedesigned
• Risk Level: medium
• AI Confidence: 75%

click to see 🤖 AI reasoning details

The changes modify the wallet_watchAsset RPC method in the core RPCMethods directory, which is a critical path. The changes:

1. wallet_watchAsset.ts: Adds pageMeta parameter and passes origin, pageMeta, and requestMetadata to TokensController.watchAsset(). This enhances metadata tracking for token watch requests.

2. RPCMethodMiddleware.ts: Passes page metadata (URL, title, icon, channelId, analytics) to the wallet_watchAsset handler.

3. WatchAssetRequest/index.js: Fixes the URL display in the confirmation header to use currentPageInformation?.url instead of activeTabUrl.

4. wallet_watchAsset.test.ts: Updates unit tests for the new fields.

The E2E test import-tokens-via-asset-watcher.spec.ts directly tests this functionality using RegressionNetworkAbstractions tag. Since we need to select from smoke tags:

• SmokeNetworkAbstractions: Selected because the asset watcher functionality is related to network abstractions (the regression test uses RegressionNetworkAbstractions), and the changes affect how dApps interact with the wallet to add tokens.

• SmokeConfirmationsRedesigned: Selected because the WatchAssetRequest component is part of the confirmations flow (located in confirmations/legacy/components/), and the change affects how the origin URL is displayed in the ApproveTransactionHeader.

The changes are well-scoped with unit tests updated, but since they touch core RPC handling and confirmation UI, running these smoke tests provides adequate coverage.

View GitHub Actions results

[sonarqubecloud]

Quality Gate failed

Failed conditions
55.6% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud