Warning message is not shown when domain is different

Question

Warning message is not shown when domain is different

Closed this issue 2 years ago · 6 comments

srirambv commented 2 years ago

Description

Warning message is not shown when domain is different

Steps

Create Web3 Talk room
Click on join the call to initiate sign message
No warning shown to user when the request URI is different

Actual Result

Expected Result

Additional Information

cc: @mrose17

Answer 1 · 2023-04-21T14:33:19.000Z

@srirambv - i can't seem to reproduce. can you make a video? thanks!

Answer 2 · 2023-04-21T14:40:56.000Z

The warning message only seems to be showing up on MM and not on Brave Wallet.

826.mp4

Answer 3 · 2023-04-21T14:43:24.000Z

@johnhalbert - my thinking is that we need to fill-in the actual domain (in this case talk.brave.software instead of hardcoding talk.brave.com for both the text <domain> wants you to sign in... and the URI: <domain> field.

Answer 4 · 2023-04-21T14:44:23.000Z

The warning message only seems to be showing up on MM and not on Brave Wallet.

826.mp4

The fix is simple: use the wallet in the Brave browser...

Answer 5 · 2023-04-24T16:52:25.000Z

@mrose17 I've update this as you mentioned above - we now use the host value from the browser as the domain in the SIWE message.

@srirambv this is ready for re-test.

Answer 6 · 2023-04-25T09:45:57.000Z

Verified no warning message is shown when trying to sign messages

MetaMask	Brave Wallet
MM-.826.mov	BW-.826.mp4