An externally hosted phishing warning page is now used rather than the
built-in phishing warning page.The phishing page warning URL is set via
configuration file or environment variable. The default URL is either
the expected production URL or `http://localhost:9999/` for e2e testing
environments.
The new external phishing page includes a design change when it is
loaded within an iframe. In that case it now shows a condensed message,
and prompts the user to open the full warning page in a new tab to see
more details or bypass the warning. This is to prevent a clickjacking
attack from safelisting a site without user consent.
The new external phishing page also includes a simple caching service
worker to ensure it continues to work offline (or if our hosting goes
offline), as long as the user has successfully loaded the page at least
once. We also load the page temporarily during the extension startup
process to trigger the service worker installation.
The old phishing page and all related lines have been removed. The
property `web_accessible_resources` has also been removed from the
manifest. The only entry apart from the phishing page was `inpage.js`,
and we don't need that to be web accessible anymore because we inject
the script inline into each page rather than loading the file directly.
New e2e tests have been added to cover more phishing warning page
functionality, including the "safelist" action and the "iframe" case.
* Fix speed-up/cancel: don't update existing transaction data
* Move retryTxMeta state management to useGasFeeInputs.js
* Handle initial retryTxMeta set if no transaction is passed to useGasFeeInputs
* Ensure previousGas is use on retry transaction if it is available in useGasFeeInputs
* Remove update transaction mock and correctly test gas fee increase scenarios now that updateTransaction used in cancel-speedup is defined on the front end
Updates Flask changelog entries for v10.13.0. Some older commits were not included in the most recent Flask release due to merge conflicts. We should never run into this issue again since Flask should henceforth always release alongside the extension.
The commits in question were included in e.g. 10.12.0, but they were never actually released on Chrome.
* Set up correct timer value for fetching new quotes
* Show red timer in Swaps if quotes fetching will happen in less than 10s (previously it was 30s)
* Fix a UI issue with the notification close button
* Make stx refresh rates optional, since not every network supports them
Replace the last two uses of the `ReadOnlyInput` with a div. The idea
of using an input for read-only data is silly. We can just put it in
the DOM directly instead.
Certain build steps accidentally omitted the `version` variable. It has
now been restored to all steps, ensuring that all environment variables
are correctly injected into all bundles.
A check has been added to the Sentry setup module to ensure the release
is not omitted in the future.
An array of integers is now used to represent the SRP in three cases:
* In the import wallet flow, the UI uses it to pass the user-provided
SRP to the background (which converts the array to a buffer).
* In the create wallet flow, the UI uses it to retrieve the generated
SRP from the background.
* When persisting the wallet to state, the background uses it to
serialize the SRP.
Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
* Show fiat on confirm screen on multilayer-fee network
* Disable gas editing on optimism
* Fix send max mode on optimism
* Represent layer 2 gas fee as a single value
* Hide gas fee edit UI on optimism
* Improvement multilayer-fee-message styling
* Lint fix
* Fix locales
* Remove unnecessary code change
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
Mark Stacey
kumavis
kumavis
ryanml
Dan J Miller
David Walsh
Guillaume Roux
Erik Marks
Daniel
George Marshall
MetaMask Bot