Skip to content

Commit 5bc38bd

Browse files
Fix mmc release v31 (#2876)
* Docs: Add CSP QR-code troubleshooting Add a new troubleshooting 'Cause C' that explains how a strict Content Security Policy can prevent the MetaMask QR code from rendering (the fox SVG is embedded as a data: URI and materialized via a fetch-style call). The entry documents the console error, outlines the required CSP directives (allow data: in connect-src/img-src, include mm-sdk relay and analytics origins, and style-src 'unsafe-inline'), provides a minimal meta-tag example, and links to the connect-monorepo CSP reference. * Apply suggestion from @alexandratran * Update EVM docs for connectAndSign/connectWith API Document breaking API changes: connectAndSign and connectWith now return objects ({ accounts, chainId, signature }) and ({ accounts, chainId, result }) respectively. Updated examples across quickstart, guides, and reference to destructure these fields and log accounts/chainId alongside results, and added breaking-change notes. Also adjusted the EVM client status type name to ConnectEvmStatus in the reference and clarified CSP troubleshooting guidance for the QR-code fox SVG (img-src data: and older-version fallbacks). * Clarify connectAndSign/connectWith return docs Update wording in EVM guides and reference to clarify that connectAndSign and connectWith now return objects and callers should read `.signature` and `.result` from the returned object (rather than implying destructuring). Minor punctuation/phrasing tweaks in migrate-from-sdk guide and methods reference for clearer guidance. * Update linea bridge link --------- Co-authored-by: Alexandra Carrillo <12214231+alexandratran@users.noreply.github.com>
1 parent c29532b commit 5bc38bd

6 files changed

Lines changed: 83 additions & 32 deletions

File tree

metamask-connect/evm/guides/manage-user-accounts.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -217,8 +217,10 @@ const evmClient = await createEVMClient({
217217

218218
async function handleConnectAndSign() {
219219
try {
220-
const signature = await evmClient.connectAndSign({ message: 'Hello in one go!' })
221-
console.log('Signature:', signature)
220+
const { accounts, chainId, signature } = await evmClient.connectAndSign({
221+
message: 'Hello in one go!',
222+
})
223+
console.log('Accounts:', accounts, 'Chain:', chainId, 'Signature:', signature)
222224
} catch (err) {
223225
console.error('Error with connectAndSign:', err)
224226
}

metamask-connect/evm/guides/migrate-from-sdk.md

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -191,28 +191,42 @@ Chain IDs must be hex strings. Use `'0x1'`, not `1` or `'1'`, in `chainIds` and
191191
#### Connect-and-sign shortcut
192192

193193
Use `connectAndSign` to connect and sign a `personal_sign` message in one user approval.
194-
The method returns the signature directly:
194+
The method returns `{ accounts, chainId, signature }`:
195195

196196
```typescript
197-
const signature = await client.connectAndSign({
197+
const { accounts, chainId, signature } = await client.connectAndSign({
198198
message: 'Sign in to My Dapp',
199199
chainIds: ['0x1'],
200200
})
201201
```
202202

203+
:::info Breaking change in `@metamask/connect-evm` 1.0.0
204+
`connectAndSign` previously returned the signature as a bare string. It now returns an object,
205+
so read `.signature` from the returned object to get the signed value.
206+
:::
207+
203208
#### Connect-and-execute shortcut
204209

205210
Connect and execute any JSON-RPC method in a single user approval.
206-
The method returns the RPC result directly:
211+
The method returns `{ accounts, chainId, result }`:
207212

208213
```typescript
209-
const txHash = await client.connectWith({
214+
const {
215+
accounts,
216+
chainId,
217+
result: txHash,
218+
} = await client.connectWith({
210219
method: 'eth_sendTransaction',
211220
params: account => [{ from: account, to: '0x...', value: '0x0' }],
212221
chainIds: ['0x1'],
213222
})
214223
```
215224

225+
:::info Breaking change in `@metamask/connect-evm` 1.0.0
226+
`connectWith` previously returned the raw RPC result. It now returns an object,
227+
so read `.result` from the returned object to get the RPC response value.
228+
:::
229+
216230
:::tip React Native polyfills
217231
Browser-based setups (Vite, Webpack) work without polyfills. If you are migrating a **React Native**
218232
app and encounter errors referencing `Buffer`, `crypto`, `stream`, or `Event is not defined`, see

metamask-connect/evm/quickstart/javascript.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -217,7 +217,7 @@ Use [`provider.request`](../reference/provider-api.md#request) for arbitrary [JS
217217
const { accounts, chainId } = await evmClient.connect()
218218

219219
// 2. Connect and sign in one step
220-
const signature = await evmClient.connectAndSign({
220+
const { signature } = await evmClient.connectAndSign({
221221
message: 'Sign in to the dapp',
222222
})
223223

metamask-connect/evm/reference/methods.md

Lines changed: 41 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -67,16 +67,27 @@ Connects to MetaMask and signs a `personal_sign` message in a single user approv
6767

6868
### Returns
6969

70-
A promise that resolves to the signature as a hex string.
70+
A promise that resolves to an object with the following fields:
71+
72+
| Field | Type | Description |
73+
| ----------- | ----------- | ------------------------------------------------ |
74+
| `accounts` | `Address[]` | The accounts permitted on the resulting session. |
75+
| `chainId` | `Hex` | The selected chain ID as a hex string. |
76+
| `signature` | `string` | The `personal_sign` signature as a hex string. |
77+
78+
:::info Breaking change in `@metamask/connect-evm` 1.0.0
79+
`connectAndSign` previously returned the signature as a bare string. It now returns
80+
`{ accounts, chainId, signature }`. Read `.signature` from the returned object to get the signed value.
81+
:::
7182

7283
:::tip
73-
To access the connected accounts and chain ID alongside the signature, use the `connectAndSign` event handler
74-
when [initializing the client](../quickstart/javascript.md):
84+
You can also subscribe to the `connectAndSign` event handler
85+
when [initializing the client](../quickstart/javascript.md) to receive the same payload:
7586

7687
```javascript
7788
eventHandlers: {
78-
connectAndSign: ({ accounts, chainId, signResponse }) => {
79-
console.log('Accounts:', accounts, 'Chain:', chainId, 'Signature:', signResponse)
89+
connectAndSign: ({ accounts, chainId, signature }) => {
90+
console.log('Accounts:', accounts, 'Chain:', chainId, 'Signature:', signature)
8091
},
8192
}
8293
```
@@ -86,11 +97,11 @@ eventHandlers: {
8697
### Example
8798

8899
```javascript
89-
const signature = await evmClient.connectAndSign({
100+
const { accounts, chainId, signature } = await evmClient.connectAndSign({
90101
message: 'Sign in to My Dapp',
91102
chainIds: ['0x1'],
92103
})
93-
console.log('Signature:', signature)
104+
console.log('Accounts:', accounts, 'Chain:', chainId, 'Signature:', signature)
94105
```
95106

96107
## `connectWith`
@@ -109,16 +120,27 @@ Connects to MetaMask and executes a specific [JSON-RPC method](json-rpc-api/inde
109120

110121
### Returns
111122

112-
A promise that resolves to the result of the RPC method invocation.
123+
A promise that resolves to an object with the following fields:
124+
125+
| Field | Type | Description |
126+
| ---------- | ----------- | ------------------------------------------------ |
127+
| `accounts` | `Address[]` | The accounts permitted on the resulting session. |
128+
| `chainId` | `Hex` | The selected chain ID as a hex string. |
129+
| `result` | `unknown` | The result of the JSON-RPC method invocation. |
130+
131+
:::info Breaking change in `@metamask/connect-evm` 1.0.0
132+
`connectWith` previously returned the raw RPC result. It now returns
133+
`{ accounts, chainId, result }`. Read `.result` from the returned object to get the RPC response value.
134+
:::
113135

114136
:::tip
115-
To access the connected accounts and chain ID alongside the result, use the `connectWith` event handler
116-
when [initializing the client](../quickstart/javascript.md):
137+
You can also subscribe to the `connectWith` event handler
138+
when [initializing the client](../quickstart/javascript.md) to receive the same payload:
117139

118140
```javascript
119141
eventHandlers: {
120-
connectWith: ({ accounts, chainId, connectWithResponse }) => {
121-
console.log('Accounts:', accounts, 'Chain:', chainId, 'Result:', connectWithResponse)
142+
connectWith: ({ accounts, chainId, result }) => {
143+
console.log('Accounts:', accounts, 'Chain:', chainId, 'Result:', result)
122144
},
123145
}
124146
```
@@ -128,7 +150,11 @@ eventHandlers: {
128150
### Example
129151

130152
```javascript
131-
const txHash = await evmClient.connectWith({
153+
const {
154+
accounts,
155+
chainId,
156+
result: txHash,
157+
} = await evmClient.connectWith({
132158
method: 'eth_sendTransaction',
133159
params: account => [
134160
{
@@ -139,7 +165,7 @@ const txHash = await evmClient.connectWith({
139165
],
140166
chainIds: ['0x1'],
141167
})
142-
console.log('Transaction hash:', txHash)
168+
console.log('Accounts:', accounts, 'Chain:', chainId, 'Transaction hash:', txHash)
143169
```
144170

145171
## `switchChain`
@@ -283,7 +309,7 @@ The EVM client exposes the following read-only properties:
283309
| `accounts` | `Address[]` | Currently permitted accounts. |
284310
| `selectedAccount` | `Address \| undefined` | Currently selected account (first in `accounts`). |
285311
| `selectedChainId` | `Hex \| undefined` | Currently selected chain ID as a hex string. |
286-
| `status` | `ConnectionStatus` | Connection status: `'loaded'`, `'pending'`, `'connecting'`, `'connected'`, or `'disconnected'`. |
312+
| `status` | `ConnectEvmStatus` | Connection status: `'loaded'`, `'pending'`, `'connecting'`, `'connected'`, or `'disconnected'`. |
287313

288314
### Example
289315

metamask-connect/troubleshooting/index.md

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -174,34 +174,43 @@ const client = await createEVMClient({
174174
```
175175

176176
**Cause C:** A strict Content Security Policy (CSP) is blocking the QR code from rendering.
177-
The QR code embeds the MetaMask fox SVG as a `data:` URI, which `@metamask/multichain-ui`
178-
materializes via a `fetch`-style call.
179-
A CSP without `data:` in `connect-src` (or `img-src`) blocks this and the QR code fails to appear.
180-
A symptom in the browser console looks like:
177+
The QR code embeds the MetaMask fox SVG as a `data:` URI.
181178

182-
`Refused to connect to 'data:image/svg+xml;base64,...' because it violates the following Content Security Policy directive: "connect-src 'self' https: wss:".`
183-
184-
**Fix:** Allow the `data:` scheme and the MetaMask relay and analytics origins in your CSP.
179+
**Fix:** Allow the `data:` scheme in `img-src` and the MetaMask relay and analytics origins in
180+
`connect-src`.
185181
A minimal working policy looks like:
186182

187183
```html
188184
<meta
189185
http-equiv="Content-Security-Policy"
190186
content="
191-
connect-src 'self' data: https://*.infura.io wss://mm-sdk-relay.api.cx.metamask.io https://mm-sdk-analytics.api.cx.metamask.io;
187+
connect-src 'self' https://*.infura.io wss://mm-sdk-relay.api.cx.metamask.io https://mm-sdk-analytics.api.cx.metamask.io;
192188
img-src 'self' data:;
193189
style-src 'self' 'unsafe-inline';
194190
" />
195191
```
196192

197-
- `data:` in `connect-src` and `img-src` - Required for the fox SVG embedded in the QR code.
193+
- `img-src 'self' data:` - Required for the fox SVG embedded in the QR code.
198194
- `wss://mm-sdk-relay.api.cx.metamask.io` - The relay used for remote (no-extension and mobile)
199195
connections.
200196
- `https://mm-sdk-analytics.api.cx.metamask.io` - The default analytics endpoint emitted during the
201197
connection lifecycle.
202198
- `style-src 'unsafe-inline'` - `@metamask/multichain-ui` injects component styles at runtime
203199
inside Shadow DOM (Stencil).
204200

201+
:::note Older versions
202+
In earlier package versions, the QR-code modal materialized the fox icon via an `XMLHttpRequest` on
203+
a `blob:` / `data:` URI, requiring `blob:` (and in some setups `data:`) in `connect-src`.
204+
Upgrade to `@metamask/connect-evm` 1.0.0, `@metamask/connect-solana` 1.0.0, or
205+
`@metamask/connect-multichain` 0.12.1 or later to remove this requirement — the fox SVG is now
206+
embedded directly as a `data:` URI without an extra request.
207+
A symptom on older versions looked like:
208+
209+
`Refused to connect to 'data:image/svg+xml;base64,...' because it violates the following Content Security Policy directive: "connect-src 'self' https: wss:".`
210+
211+
If you cannot upgrade, add `data: blob:` to `connect-src` as a fallback.
212+
:::
213+
205214
For the full reference, see
206215
[Content Security Policy](https://github.com/MetaMask/connect-monorepo#content-security-policy) in `metamask/connect-monorepo`.
207216

services/how-to/get-testnet-tokens.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ Use [testnet endpoints](../get-started/endpoints.md) during development and init
2323
| [Binance Smart Chain (BSC) Sepolia](https://academy.binance.com/en/articles/connecting-metamask-to-binance-smart-chain) | [BSC Sepolia faucet](https://www.bnbchain.org/en/testnet-faucet) | [BSC bridge](https://www.bnbchain.org/en/bnb-chain-bridge) |
2424
| [Celo Sepolia](https://docs.celo.org/build-on-celo/network-overview) | [Celo Sepolia faucet](https://faucet.celo.org/celo-sepolia) | [Celo bridge](https://docs.celo.org/protocol/bridge#token-bridges) |
2525
| [Ethereum Sepolia](https://ethereum.org/developers/docs/networks/) | [Ethereum Sepolia faucet](https://faucet.quicknode.com/ethereum/sepolia) | [Sepolia bridge](https://docs.blast.io/building/bridges/testnet) |
26-
| [Linea Sepolia](https://support.linea.build/getting-started/how-to-get-linea-goerli-testnet-eth) | [Linea Sepolia faucet](https://docs.metamask.io/developer-tools/faucet) | [Linea bridge](https://bridge.linea.build) |
26+
| [Linea Sepolia](https://support.linea.build/getting-started/how-to-get-linea-goerli-testnet-eth) | [Linea Sepolia faucet](https://docs.metamask.io/developer-tools/faucet) | [Linea bridge](https://linea.build/hub/bridge) |
2727
| [Mantle Sepolia](https://docs.mantle.xyz/network/for-uers/how-to-guides/connecting-wallet-to-mantle-network) | [Mantle Sepolia faucet](https://faucet.sepolia.mantle.xyz) | [Mantle bridge](https://app.mantle.xyz/bridge?network=sepolia) |
2828
| [Optimism Sepolia](https://docs.optimism.io/app-developers/tools/faucets) | [Optimism Sepolia faucet](https://faucet.quicknode.com/optimism/sepolia) | [Optimism bridge](https://app.optimism.io/bridge) |
2929
| [Polygon Amoy](https://docs.polygon.technology/tools/wallets/metamask/add-polygon-network/) | [Polygon Amoy faucet](https://faucet.polygon.technology) | [Polygon bridge](https://portal.polygon.technology/bridge) |

0 commit comments

Comments
 (0)