Skip to content

Commit 7002f30

Browse files
committed
fix(consent): default auto-sign OFF so first-run installs never silently trust
getAutoSign() defaulted to `true`, which made the silent NIP-98 path in createNip98AuthHeader (background.js: `!trusted && isSolid && autoSign`) active out of the box: a freshly installed extension visiting any of the hardcoded Solid hosts (solid.social, solidcommunity.net, inrupt.net, solidweb.org) would mint a NIP-98 Authorization header AND persist the origin to trusted-origins with zero user interaction -- a silent auto-approve / auto-trust on install. Flip the default to OFF in storage.getAutoSign so the trusted-origin Solid (kind 27235) auto-sign and the Solid NIP-98 auto-trust are strictly opt-in: the user enables "Auto-sign for Solid" from the popup deliberately. Untrusted-origin signing was already prompt-gated and is unaffected. Align the popup default-display accordingly: popup.js reads the same OFF default, and the popup.html toggle drops its hardcoded `checked` so the markup matches the real (off) state instead of flashing on at load. No test pins the autoSign default (storage.test only asserts it is a boolean; the consent/NIP-98 suites set it explicitly), so the full 133-test suite, build and lint remain green. Co-Authored-By: jjohare <github@thedreamlab.uk>
1 parent 7192a72 commit 7002f30

3 files changed

Lines changed: 10 additions & 5 deletions

File tree

popup/popup.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -148,7 +148,7 @@ <h1>Podkey</h1>
148148
<div class="settings-desc">Silently authenticate to trusted Solid servers.</div>
149149
</div>
150150
<label class="toggle">
151-
<input type="checkbox" id="autoSignToggle" checked />
151+
<input type="checkbox" id="autoSignToggle" />
152152
<span class="slider"></span>
153153
</label>
154154
</div>

popup/popup.js

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -76,8 +76,9 @@ async function showMainScreen(status) {
7676
// Load trusted sites
7777
await loadTrustedSites();
7878

79-
// Load auto-sign setting
80-
const { podkey_auto_sign: autoSign = true } = await chrome.storage.local.get(['podkey_auto_sign']);
79+
// Load auto-sign setting (defaults OFF — must match storage.getAutoSign,
80+
// which keeps silent trusted-origin Solid / NIP-98 signing strictly opt-in).
81+
const { podkey_auto_sign: autoSign = false } = await chrome.storage.local.get(['podkey_auto_sign']);
8182
document.getElementById('autoSignToggle').checked = autoSign;
8283
}
8384

src/storage.js

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -159,11 +159,15 @@ export async function getTrustedOrigins() {
159159
}
160160

161161
/**
162-
* Get auto-sign setting
162+
* Get auto-sign setting.
163+
* Defaults to OFF: a freshly installed extension must not silently sign or
164+
* auto-trust any origin (including recognised Solid hosts) until the user
165+
* deliberately enables auto-sign from the popup. This keeps the silent
166+
* trusted-origin Solid / NIP-98 path strictly opt-in.
163167
* @returns {Promise<boolean>}
164168
*/
165169
export async function getAutoSign() {
166-
const { [STORAGE_KEYS.AUTO_SIGN]: autoSign = true } =
170+
const { [STORAGE_KEYS.AUTO_SIGN]: autoSign = false } =
167171
await chrome.storage.local.get([STORAGE_KEYS.AUTO_SIGN]);
168172

169173
return autoSign;

0 commit comments

Comments
 (0)