You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 10, 2023. It is now read-only.
Some safe apps use HTTP headers such as Content-Security-Policy to let the website being loaded as an iframe for specific websites. This strategy works well for the interface hosted on gnosis-safe.io but doesn't for the desktop app.
We also got a request for easy detection if the app is loaded as a safe app that doesn't require loading the SDK - in the web version, one can use desktop.referrer, but not on the desktop. It could be done with the query params.
Affected apps:
Zerion, 1inch, furucombo
Environment
Latest desktop app
Steps to reproduce
Try to load Zerion safe app in the desktop app
Expected result
To be evaluated by the team
Obtained result
The app doesn't load
The text was updated successfully, but these errors were encountered:
Some safe apps use HTTP headers such as X-Frame-Ancestors to let the website being loaded as an iframe for specific websites. This strategy works well for the interface hosted on gnosis-safe.io but doesn't for the desktop app.
To fix this I suggest letting the desktop app know about such apps so it can hide them, and introducing a new boolean flag on the backend: restrictsAccessBySource
I can still see the Zerion app in the list of apps and a few others that do not open and I think should be hidden as well after this fix (I checked on mainnet):
Also apps like Uniswap, sushi or other token swapping apps in general do not seem to fetch the safe asset balance making them pretty much useless (although this looks like something to tackle in a separate ticket).
Description
Some safe apps use HTTP headers such as Content-Security-Policy to let the website being loaded as an iframe for specific websites. This strategy works well for the interface hosted on gnosis-safe.io but doesn't for the desktop app.
We also got a request for easy detection if the app is loaded as a safe app that doesn't require loading the SDK - in the web version, one can use
desktop.referrer
, but not on the desktop. It could be done with the query params.Affected apps:
Zerion, 1inch, furucombo
Environment
Latest desktop app
Steps to reproduce
Expected result
To be evaluated by the team
Obtained result
The app doesn't load
The text was updated successfully, but these errors were encountered: