Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: replace isTrusted #79

Merged
merged 6 commits into from Oct 9, 2023
Merged

feat: replace isTrusted #79

merged 6 commits into from Oct 9, 2023

Conversation

andy-haynes
Copy link
Contributor

@andy-haynes andy-haynes commented Oct 6, 2023
edited

This PR replaces the isTrusted flag with an object under trust to accommodate more complex loading strategies in the future. Fixes #72

Before:

<Widget isTrusted ... />

After:

<Widget trust={{ mode: "trusted" }} ... />

The options in the current implementation are implemented here as values for mode: sandboxed or trusted. In the updated implementation (#73), Components without a value specified are assumed to be sandboxed.

As part of this PR I've also included a trust-author trusted-author trust mode, which treats all Components as trusted if they have the same author as the Component loaded with this trust mode. However explicitly indicating sandboxed mode overrides this blanket trust for individual Components and their descendants:

{/* Root Component  */}
<Widget trust={{ mode: "trusted-author" }} src="ex.near/widget/Parent" />


{/* Parent Component  */}
<>
  {/* ✅ same author - trusted  */}
  <Widget src="ex.near/widget/X" />

  {/* ✅ same author, explicitly trusted - trusted (**descendants of Y authored by ex.near will still be trusted**) */}
  <Widget src="ex.near/widget/Y" trust={{ mode: "trusted" }} />

  {/* ❌  same author, explicitly sandboxed - sandboxed */}
  <Widget src="ex.near/widget/X" trust={{ mode: "sandboxed" }} />

  {/* ❌  different author, no trust specified - sandboxed */}
  <Widget src="mal.near/widget/X" />
</>

We can merge this without trust-author trusted-author, I've included it here because:

  • the implementation was pretty simple
  • it will be very useful for debugging

@vercel
Copy link

vercel bot commented Oct 6, 2023
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
bos-web-engine ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 9, 2023 6:12pm

@mpeterdev
Copy link
Collaborator

We can merge this without trust-author, I've included it here because:

I am a fan of including that out of the gate 👍

@andy-haynes andy-haynes linked an issue Oct 6, 2023 that may be closed by this pull request
Use a configurable interface for specifying trust #72
Closed
@andy-haynes
Copy link
Contributor Author

StateDemo rewritten to use trust={{ mode: "trust-author" }} for the trusted path: https://bos-web-engine-git-feat-trust-prop-near-developer-console.vercel.app/andyh.near/widget/StateDemo.TrustAuthor?isDebug=true

@andy-haynes andy-haynes marked this pull request as ready for review October 9, 2023 17:34
@andy-haynes andy-haynes changed the base branch from feat/explicit-trust to main October 9, 2023 17:34
@andy-haynes andy-haynes merged commit 753425f into main Oct 9, 2023
2 checks passed
@andy-haynes andy-haynes deleted the feat/trust-prop branch October 9, 2023 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use a configurable interface for specifying trust
2 participants
@andy-haynes @mpeterdev