Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create Developer-Mode Setting (related to SIWE domain binding) #18531

Closed
digiwand opened this issue Apr 11, 2023 · 1 comment
Closed

Create Developer-Mode Setting (related to SIWE domain binding) #18531

digiwand opened this issue Apr 11, 2023 · 1 comment
Labels
team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead

Comments

@digiwand
Copy link
Contributor

Description

In order to protect users, we want to strictly enforce domain-binding logic for Sign-in With Ethereum (SIWE) while supporting the developers.

To do this, we'd like a developer-mode setting that will allow developers to disable the strict domain-binding check.

See details and discussion here:
#18188 (comment)

Prerequisite

Needs design

Spec

  • Needs to be communicated to developers
  • Clearly state developer-mode is unsafe
  • Unlock developer-mode only in Flask or beta
    • Is there a way to redirect users from stable to Flask or beta if it may be applicable? ideas: note in settings, add in response when RPC requests are rejected due to domain binding.
  • Unsafe developer mode unblocks domain bindings
    • To confirm, will this bypass warning modals as well?

Another consideration has been to apply a specific setting to disable the domain-binding check in Flask or beta. This could be a plan B.
Proposed here: #18188 (comment)
@digiwand digiwand added the team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead label Apr 11, 2023
@digiwand digiwand mentioned this issue Apr 11, 2023
Closed
@digiwand
Copy link
Contributor Author

digiwand commented Apr 11, 2023
edited
Loading

Duplicate of #18191

@digiwand digiwand marked this as a duplicate of #18531 Apr 11, 2023
@digiwand digiwand marked this as a duplicate of #18191 Apr 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@digiwand