chore: robust implementation dapp connection

[tommasini]

Description

Dapp connection implementaion robustness

Changelog

CHANGELOG entry:

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I’ve followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Strengthens origin validation to prevent external dapps from using internal MetaMask origins.

• Enforces INTERNAL_ORIGINS checks and throws rpcErrors.invalidParams in eth_sendTransaction, SDK deeplink processDappRpcRequest, SDK setupBridge, SDKConnectV2 handleConnectDeeplink, WC2 onSessionProposal, and WC2 session handleSendTransaction.
• Normalizes use of origin/hostname where needed and persists origin metadata for UI as before.
• Updates WC2 tests: stubs rejectSession to resolve, adds comprehensive origin-rejection cases (blocks plain metamask, allows valid URLs including subdomains and metamask.io).

^{Written by Cursor Bugbot for commit bd6a404. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[sonarqubecloud]

Quality Gate failed

Failed conditions
12.9% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeAccounts, SmokeCore, SmokeConfirmationsRedesigned, SmokeIdentity, SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeTrade, SmokeWalletPlatform, SmokeWalletUX, SmokeAssets, SmokeSwaps, SmokeStake, SmokeCard, SmokeNotifications, SmokeRewards, SmokePerps, SmokeRamps, SmokeMultiChainPermissions, SmokeAnalytics, SmokeMultiChainAPI, SmokePredictions
• Risk Level: high
• AI Confidence: %

click to see 🤖 AI reasoning details

Fallback: AI analysis did not complete successfully. Running all tests.

View GitHub Actions results