
stricter validation of notifications

Open michalstruck opened this issue 7 months ago • 2 comments

PR Type

  • [ ] Regular Task
  • [x] Bug Fix
  • [ ] QA Tests

Description

Adds stricter rules: requires a notification from an app to deeplink into the app, and enforces wallet addresses to be 42 chars long.

Checklist

  • [ ] I have self-reviewed this PR.
  • [ ] I have left comments in the code for clarity.
  • [ ] I have added necessary unit tests.
  • [ ] I have updated the documentation as needed.

michalstruck avatar May 22 '25 14:05 michalstruck

Also test failing

andy-t-wang avatar May 22 '25 17:05 andy-t-wang

I think we can be stricter here. Check starts with mini worldapp://mini-app?app_id={this.parent}

Otherwise I could link to another app here and just add a garbage path query param with my app ID, i.e. my app is app_1:

worldapp://mini-app?app_id=app_malicious&path=?app_1

True, good point.

michalstruck avatar May 23 '25 10:05 michalstruck
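
The check discussed in this thread, as an added example that is not code from this PR or from the developer-portal project: it validates the `app_id` parameter itself rather than looking for the app ID somewhere in the link. The function names and sample values are hypothetical, and the `0x` plus 40 hex digits shape for a 42-character wallet address is an assumption (the PR only states the length).

```javascript
// Added example; helper names are hypothetical, sample links are constructed.
const SCHEME = "worldapp:";
const HOST = "mini-app";

// Loose check: accepts any mini-app link that mentions the app ID anywhere,
// which is what the garbage `path` parameter in the thread gets past.
function naiveContainsCheck(link, appId) {
  return link.startsWith("worldapp://mini-app") && link.includes(appId);
}

// Strict check: parse the link and compare the app_id parameter exactly.
function isOwnMiniAppDeeplink(link, appId) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return false; // not parseable as a URL at all
  }
  if (url.protocol !== SCHEME || url.hostname !== HOST) return false;
  if (url.username || url.password || url.port) return false;
  if (url.pathname !== "" && url.pathname !== "/") return false;
  // Exactly one app_id, equal to ours; exact comparison also keeps
  // app_10 from passing as app_1, which a bare prefix test would allow.
  const ids = url.searchParams.getAll("app_id");
  return ids.length === 1 && ids[0] === appId;
}

// Assumption: 42 chars means "0x" followed by 40 hex digits.
function isWalletAddressShape(addr) {
  return typeof addr === "string" && /^0x[0-9a-fA-F]{40}$/.test(addr);
}

// Constructed sample links; the second one is the example from the thread.
const SAMPLES = [
  "worldapp://mini-app?app_id=app_1&path=/rewards",
  "worldapp://mini-app?app_id=app_malicious&path=?app_1",
  "worldapp://mini-app?app_id=app_10",
  "https://example.com/?app_id=app_1",
];

// Returns one row per sample so the two checks can be compared side by side.
function compareChecks(appId) {
  return SAMPLES.map((link) => ({
    link,
    naive: naiveContainsCheck(link, appId),
    strict: isOwnMiniAppDeeplink(link, appId),
  }));
}

console.table(compareChecks("app_1"));
```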