All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Fix build script to exclude file imports from
@metamask/post-message-streamwhich expect to only run in the context of a Web worker (#27)
1.2.0 [DEPRECATED]
- Add a check for the protocol of the url being blocked. Remove
continue at your own riskoption if protocol is disallowed (#16) - Add optional arg
newIssueUrltogetUrlfunction so that the correct link to direct disputes can be specified by a hash query param. (#23)
- Add service worker for offline caching (#9)
- Add favicons (#8)
- Add actions to publish to gh-pages (#3)
- Add dummy "main" script (#6)
- This allows locating the package install directory using
require.resolve, which is better for compatibility between package managers. - The main script throws an error, helping to prevent accidental misuse.
- This allows locating the package install directory using
- Skip initialization if the page is being loaded solely to install the service worker (#11)
- If the hash
#extensionStartupis set, skip setup and assume the page is being loaded just for service worker installation. We use this technique to ensure the service worker is installed during the MetaMask extension startup process.
- If the hash
- Add anti-clickjacking measures (#12)
- A script was added to the HTML file to detect when the frame is being embedded. If it detects that it is embedded, a separate design is used that prompts the user to open the warning page in a new tab to proceed. This ensures the blocked page cannot be added to the safelist via a clickjacking attack.
- Initial implementation of the phishing warning page
- This should behave identically to the phishing warning page built into the MetaMask extension.