Unable to use @chainsafe/as-sha256 in a chrome extension

Open richtera opened this issue 1 year ago • 8 comments

The wasm is loaded using new Module() instead of being required. This cannot be supported in a manifest 3 Chrome extension, since it requires wasm-unsafe-eval in the CSP and this is disallowed by Chrome. It turns out the latest version of @ethereumjs/util can no longer be used in a browser extension due to this. Not sure what the right thing to do is.

Expected behavior

Should work normally

Steps to Reproduce

Build webextension and require latest versions of @ethereumjs/util using webpack

Desktop (please complete the following information):

  • OS: Mac OS Ventura 13.2.1 (22D68)
  • Version: ^0.3.1
  • Branch: master
  • Commit hash: ?

richtera, Mar 14 '23 11:03

Ref https://github.com/ethereumjs/ethereumjs-monorepo/issues/2587

richtera, Mar 14 '23 11:03

As per the manifest docs, wasm-unsafe-eval is allowed in the CSP for manifest v3.

{
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';"
  }
}

Could you try that? If it does not work, it would be very helpful if you could spin up a GitHub repo with the minimum required extension setup to reproduce this issue.

nazarhussain, Mar 15 '23 13:03

I got an error when trying that, and I am using the package inside of the background worker anyways.

richtera, Mar 15 '23 13:03

Would you set up a dummy repo with the extension setup you are trying? That will be helpful to debug the issue and test a few things there.

nazarhussain, Mar 15 '23 13:03

@nazarhussain Thanks, that works as well! I tried adding wasm-eval and unsafe-eval, but not wasm-unsafe-eval - I didn't know about it up until now.

I'll still have to discuss with my team if we want to add such a directive; it may be okay as a workaround for us.

meeh0w, Mar 15 '23 14:03
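An added example (not code from this thread or from the ChainSafe project): a small Node.js check of a manifest's `content_security_policy.extension_pages` value, run over the manifest posted above and over a constructed variant using `unsafe-eval` and `wasm-eval`. The allow-list is an assumption based on Chrome's documented Manifest V3 restrictions, and `parseCsp` and `checkManifest` are hypothetical helper names.

```javascript
// Lint the extension_pages CSP of a Manifest V3 manifest (added example).
// Assumption: in script-src, object-src and worker-src Chrome accepts only
// 'self', 'none' and 'wasm-unsafe-eval' (localhost sources for unpacked
// extensions are not modelled here).
const MV3_ALLOWED = new Set(["'self'", "'none'", "'wasm-unsafe-eval'"]);
const RESTRICTED = new Set(["script-src", "object-src", "worker-src"]);
// Assumed default policy when the manifest does not set one.
const MV3_DEFAULT = "script-src 'self'; object-src 'self';";

// Split a CSP string into a Map of directive name -> source list.
// As in CSP itself, the first occurrence of a directive wins.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Hypothetical helper: reports whether WebAssembly compilation is permitted
// on extension pages and which sources the browser would refuse.
function checkManifest(manifest) {
  const csp = manifest.content_security_policy;
  // Manifest V2 used a plain string here; V3 expects an object.
  if (typeof csp === "string") {
    return { wasmAllowed: false, rejected: [], note: "MV2-style string CSP" };
  }
  const directives = parseCsp((csp && csp.extension_pages) || MV3_DEFAULT);
  const rejected = [];
  for (const [name, sources] of directives) {
    if (!RESTRICTED.has(name)) continue;
    for (const src of sources) {
      if (!MV3_ALLOWED.has(src.toLowerCase())) rejected.push(`${name} ${src}`);
    }
  }
  const scriptSrc = directives.get("script-src") || directives.get("default-src") || [];
  const wasmAllowed = scriptSrc.some((s) => s.toLowerCase() === "'wasm-unsafe-eval'");
  return { wasmAllowed, rejected, note: "" };
}

// Constructed sample manifests: the CSP posted in this thread, and one using
// the two keywords that were tried before it.
const fixed = { manifest_version: 3, content_security_policy: {
  extension_pages: "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';" } };
const tried = { manifest_version: 3, content_security_policy: {
  extension_pages: "script-src 'self' 'unsafe-eval' 'wasm-eval'; object-src 'self';" } };
console.log(checkManifest(fixed), checkManifest(tried));
```

Running such a check in the extension's build step catches a policy that the browser would refuse before the package is loaded.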

@nazarhussain there should be an ability to plug in a different sha256 implementation, such as noble-hashes. They aren't much slower - the speed is pretty huge.

paulmillr, Mar 22 '23 07:03

Wouldn't it be possible to just require the wasm through a .wasm file rather than unsafe eval it through new Module()?

richtera, Mar 22 '23 08:03

Please see this https://github.com/ChainSafe/ssz/issues/313

paulmillr, Mar 22 '23 10:03