
@sethkfman sethkfman (Contributor) commented Dec 21, 2025

Description

Changelog

CHANGELOG entry:

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence, such as recordings and/or screenshots.

Note

Adds origin validation to block connections/sessions when origin/title/url equals metamask, with comprehensive tests and WalletConnect handling.

  • Security/Validation:
    • SDK Deeplink (DeeplinkProtocolService.ts): In setupBridge, reject clients whose originatorInfo.url or title equals ORIGIN_METAMASK.
    • SDKConnect Handler (handlers/setupBridge.ts): Same exact-match rejection before creating BackgroundBridge.
    • SDKConnectV2 (services/connection-registry.ts): In handleConnectDeeplink, block requests when metadata.dapp.url or name equals ORIGIN_METAMASK.
    • WalletConnect V2 (WalletConnectV2.ts):
      • Skip initializing sessions with peer.metadata.url === ORIGIN_METAMASK.
      • Reject session proposals whose metadata.url equals ORIGIN_METAMASK.
  • Tests:
    • Add unit tests covering rejection on exact metamask origin and allowing valid URLs/substrings in: DeeplinkProtocolService.test.ts, handlers/setupBridge.test.ts, services/connection-registry.test.ts, and WalletConnectV2.test.ts.
    • Minor import updates to include ORIGIN_METAMASK where needed.

Written by Cursor Bugbot for commit bc90da8.

@sethkfman sethkfman requested a review from a team as a code owner December 21, 2025 19:23
@github-actions (Contributor): CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added the team-mobile-platform Mobile Platform team label Dec 21, 2025
@sethkfman sethkfman merged commit 3c7ec9d into release/7.61.3 Dec 21, 2025
23 of 39 checks passed
@sethkfman sethkfman deleted the chore/ellul-update-pick branch December 21, 2025 19:23
@github-actions github-actions bot locked and limited conversation to collaborators Dec 21, 2025

Labels

size-M, team-mobile-platform (Mobile Platform team)
