You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(signing): trusted origins sign without a prompt (general NIP-07 signer)
handleSignEvent gated auto-signing on `trusted && autoSign && isSolidAuth`,
so a trusted origin only signed kind-27235 (Solid auth) silently and
re-prompted for every other event kind. A normal Nostr client — the forum
publishes kind 0 / 10002 / 22242 on every load — therefore raised three
approval popups on each page load, making Podkey unusable as a single
general-purpose signer.
Align signing with the trust model already used by GET_PUBLIC_KEY and
nip44.{encrypt,decrypt}: a trusted origin is sufficient to skip the prompt
(decrypting DMs is strictly more sensitive than signing, and is already
silent for trusted origins). An untrusted origin still ALWAYS prompts, and
approving it establishes revocable trust — no silent first-use.
let shouldSign = trusted && autoSign && isSolidAuth;
-> let shouldSign = trusted;
Tests updated to the general-signer contract (133 pass, lint clean).
Co-Authored-By: jjohare <github@thedreamlab.uk>
0 commit comments