Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement feature policy for Ethereum and Solana for iframes #23710

Closed
bbondy opened this issue Jun 27, 2022 · 0 comments · Fixed by brave/brave-core#13783
Closed

Implement feature policy for Ethereum and Solana for iframes #23710

bbondy opened this issue Jun 27, 2022 · 0 comments · Fixed by brave/brave-core#13783
Assignees
@bbondy
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA/No release-notes/include security
Milestone
1.43.x - Release

Comments

@bbondy
Copy link
Member

bbondy commented Jun 27, 2022
edited
Loading

Credit @diracdeltas

Historically the web has had a notion of “powerful” APIs like geolocation and camera/microphone, which are subject to additional security restrictions. See for instance https://www.w3.org/TR/secure-contexts/.

Because they allow websites to request access to user funds, new web3 APIs like window.ethereum and window.solana generally MUST be subject to the same restrictions as other powerful APIs like geolocation.

As a rule of thumb, if a context is not allowed to request access to geolocation, window.ethereum and window.solana must be undefined in this context.

Restrictions for insecure contexts

Only “secure origins” as defined in https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features/#definitions should have access to window.ethereum and window.solana.
This can be checked using window.isSecureContext, including inside iframes.

That part is implemented in brave/brave-core#13752
This PR does not concern itself with that part of the spec.

Restrictions in iframes

Android and Desktop

window.ethereum and window.solana should be blocked in an iframe if window.isSecureContext would be false in the iframe. (this part is already dealt with)

In addition:

  1. If the iframe is third party to the top-level origin, it should be blocked UNLESS the iframe has the allow=”{solana/ethereum}” attribute (where “solana” and “ethereum” values control the corresponding API permissions).

  2. If the iframe is first party to the top-level origin AND the sandbox attribute is set on the iframe, it should be blocked UNLESS sandbox=”allow-same-origin” is set. Note ”allow-same-origin”` does nothing if the iframe is third-party.

  3. For security-conscious users, we should add a setting to block window.{ethereum,solana} in ALL iframes, regardless of origin or attributes. This matches the default behavior on iOS.

QA should make sure any permission prompts initiated by an iframe show the iframe’s origin.

iOS

Currently on iOS, window.ethereum and window.solana are both undefined in all iframes.
This PR does not concern itself with iOS.

Example cases

https://github.com/brave/brave-wallet-docs/pull/62/files#diff-00f2c6a408b8bb684cf33087db2be29237bc1da21c955abd3af32f2dfcbf4f8eR39
@bbondy bbondy added OS/Android Fixes related to Android browser functionality OS/Desktop labels Jun 27, 2022
@bbondy bbondy added this to Web3 Jun 27, 2022
@bbondy bbondy added the priority/P2 A bad problem. We might uplift this to the next planned release. label Jun 27, 2022
@bbondy bbondy moved this to In Progress in Web3 Jun 27, 2022
@bbondy bbondy self-assigned this Jun 27, 2022
@bbondy bbondy mentioned this issue Jun 27, 2022
Merged
25 tasks
@kdenhartog kdenhartog mentioned this issue Jun 30, 2022
Closed
Repository owner moved this from In Progress to Done in Web3 Jul 5, 2022
@bbondy bbondy added this to the 1.43.x - Nightly milestone Jul 5, 2022
@bbondy bbondy mentioned this issue Jul 9, 2022
Closed
@LaurenWags LaurenWags mentioned this issue Aug 31, 2022
Closed
@kjozwiak kjozwiak mentioned this issue Sep 7, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bbondy bbondy

Labels
OS/Android Fixes related to Android browser functionality OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA/No release-notes/include security
Projects
Web3
Archived in project
Milestone
1.43.x - Release
Development

Successfully merging a pull request may close this issue.

Add Ethereum and Solana feature policy brave/brave-core
2 participants
@diracdeltas @bbondy