Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wasm-crypto not loading in environments where wasm-unsafe-eval CSP is not allowed #538

Open
3 tasks done
krhougs opened this issue Aug 22, 2023 · 3 comments
Open
3 tasks done

wasm-crypto not loading in environments where wasm-unsafe-eval CSP is not allowed #538

krhougs opened this issue Aug 22, 2023 · 3 comments
Labels
P3 - Low Non-essential improvements or minor fixes. Can be scheduled flexibly as time permits.

Comments

@krhougs
Copy link

krhougs commented Aug 22, 2023

TL;DR

Please change current dynamic loading codes to simply import wasmBytes from "path/to.wasm" in the production bundle to make the library work in secure environments.

I am trying to sign payloads within a Cloudflare Worker. The runtime refuses loading the wasm bytes in memory since the CSP policy wasm-unsafe-eval is not allowed in the runtime. After some research, I found that this affects multiple scenarios:

  • Electron where dynamic evaluating is blocked by default
  • Browser environments that blocks wasm-unsafe-eval explicitly
  • Node.js environments that blocks wasm-unsafe-eval explicitly

I appreciate the current dynamic façon to keep the bundle tiny in size, but it won't work in some secure environments.

Some reading: https://github.com/WebAssembly/content-security-policy/blob/main/proposals/CSP.md

Expected: the library should load
Current: FATAL: Unable to initialize @polkadot/wasm-crypto:: WebAssembly.instantiate(): Wasm code generation disallowed by embedder

This happens in ANY Environment where wasm-unsafe-eval is not allowed

  • Environment:

    • Node.js
    • Browser
    • Other (limited support for other environments)
@uno-b
Copy link

uno-b commented Aug 23, 2023

I'm creating an extension and having the same problem. Defining "wasm-unsafe-eval" in my Manifest.v2 fixes my problem, but not in Manifest.v3 because of the security changes. So it's only a temporary solution.

@krhougs
Copy link
Author

krhougs commented Aug 30, 2023

@jacogr

@krhougs krhougs mentioned this issue Sep 4, 2023
Closed
1 task
@TarikGul TarikGul added Support Tracks issues or requests related to troubleshooting, answering questions, and user assistance. P3 - Low Non-essential improvements or minor fixes. Can be scheduled flexibly as time permits. labels Oct 28, 2024
@TarikGul TarikGul removed the Support Tracks issues or requests related to troubleshooting, answering questions, and user assistance. label Oct 28, 2024
@TarikGul TarikGul moved this from Support to P3 - Low in Polkadot-js general project board Oct 30, 2024
@picascaz
Copy link

picascaz commented Jan 2, 2025

I have the same problem, Is it solved?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
P3 - Low Non-essential improvements or minor fixes. Can be scheduled flexibly as time permits.
Projects
Polkadot-js general project board
Status: P3 - Low
Milestone
No milestone
Development

No branches or pull requests
4 participants
@krhougs @uno-b @TarikGul @picascaz