Browser Extension (Chrome MV3) Compatibility Issue
🐛 Problem
I'm building a Zcash wallet browser extension using WebZjs, but encountering compatibility issues with Chrome Manifest V3's strict Content Security Policy (CSP).
🔍 Details
Environment:
- Chrome Extension with Manifest V3
@chainsafe/webzjs-wallet (latest version)- Zcash testnet
- CSP:
script-src 'self' 'wasm-unsafe-eval'
Issue:
Chrome MV3 disallows eval() and new Function() for security reasons. This breaks WebZjs's sync mechanism:
// ❌ Fails in Chrome MV3
await wallet.sync();
// Error: eval() is not allowed in Chrome extensions
await initThreadPool(8);
// Error: Web Workers cannot use eval()Root cause:
wallet.sync() spawns Web Workers using eval() internallyinitThreadPool() also relies on eval() for multi-threading- Chrome MV3 CSP blocks these operations
🔧 Current Workaround
I've implemented a custom sync using CipherScan's WASM for client-side decryption:
// ✅ Works: Custom sync with WASM
const compactBlocks = await fetchCompactBlocks(startHeight, endHeight);
const matches = await batch_filter_compact_outputs(compactBlocks, viewingKey);
const balance = calculateBalance(matches); // 0.02 ZEC ✅However, this creates a critical issue:
// WebZjs's internal database is EMPTY (never synced)
await wallet.propose_transfer(accountId, toAddress, amount);
// ❌ Error: "insufficient balance" (WebZjs DB has no notes!)The problem:
- Custom sync finds funds ✅
- WebZjs DB remains empty ❌
propose_transfer() can't find notes to spend ❌
❓ Questions
Is there a way to:
-
Use WebZjs sync in single-threaded mode (without eval/Web Workers)?
- Does WebZjs have a fallback sync mechanism compatible with MV3?
-
Manually populate WebZjs database with notes from custom sync?
- Can we inject notes/nullifiers into WebZjs's internal DB?
-
Use alternative transaction API (PCZTs?) that doesn't require DB sync?
// Does this work without wallet.sync()?
const pczt = await wallet.pczt_create(accountId, toAddress, value);
💡 Why This Matters
Browser extensions are a common use case for crypto wallets (Metamask, Phantom, Rabby, etc.). Chrome MV3 is now mandatory for all new extensions.
Making WebZjs compatible with MV3 would:
- ✅ Enable Zcash browser wallet extensions
- ✅ Improve Zcash ecosystem adoption
- ✅ Align with industry standards (all major wallets support MV3)
📝 Reproduction Steps
- Create Chrome Extension (Manifest V3)
- Add CSP:
"content_security_policy": { "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'" }
- Initialize WebZjs:
const wallet = new WebWallet("test", lightwalletdUrl, 10);
- Try to sync:
await wallet.sync(); → Fails with CSP error
🙏 Request
Any guidance on MV3-compatible sync or transaction building would be greatly appreciated!
Browser Extension (Chrome MV3) Compatibility Issue
🐛 Problem
I'm building a Zcash wallet browser extension using WebZjs, but encountering compatibility issues with Chrome Manifest V3's strict Content Security Policy (CSP).
🔍 Details
Environment:
@chainsafe/webzjs-wallet(latest version)script-src 'self' 'wasm-unsafe-eval'Issue:
Chrome MV3 disallows
eval()andnew Function()for security reasons. This breaks WebZjs's sync mechanism:// ❌ Fails in Chrome MV3
await wallet.sync();
// Error: eval() is not allowed in Chrome extensions
await initThreadPool(8);
// Error: Web Workers cannot use eval()Root cause:
wallet.sync()spawns Web Workers usingeval()internallyinitThreadPool()also relies oneval()for multi-threading🔧 Current Workaround
I've implemented a custom sync using CipherScan's WASM for client-side decryption:
// ✅ Works: Custom sync with WASM
const compactBlocks = await fetchCompactBlocks(startHeight, endHeight);
const matches = await batch_filter_compact_outputs(compactBlocks, viewingKey);
const balance = calculateBalance(matches); // 0.02 ZEC ✅However, this creates a critical issue:
// WebZjs's internal database is EMPTY (never synced)
await wallet.propose_transfer(accountId, toAddress, amount);
// ❌ Error: "insufficient balance" (WebZjs DB has no notes!)The problem:
propose_transfer()can't find notes to spend ❌❓ Questions
Is there a way to:
Use WebZjs sync in single-threaded mode (without eval/Web Workers)?
Manually populate WebZjs database with notes from custom sync?
Use alternative transaction API (PCZTs?) that doesn't require DB sync?
// Does this work without wallet.sync()?
const pczt = await wallet.pczt_create(accountId, toAddress, value);
💡 Why This Matters
Browser extensions are a common use case for crypto wallets (Metamask, Phantom, Rabby, etc.). Chrome MV3 is now mandatory for all new extensions.
Making WebZjs compatible with MV3 would:
📝 Reproduction Steps
"content_security_policy": { "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'" }const wallet = new WebWallet("test", lightwalletdUrl, 10);await wallet.sync();→ Fails with CSP error🙏 Request
Any guidance on MV3-compatible sync or transaction building would be greatly appreciated!