Lace Wallet Custom Submit API Not working (Eternl works)

Developers Misc Dev Talk
1

Hello everyone. I am a stake pool operator and decided to run some nodes to be used for with the cardano submit-api. Setting them up was straight forward and my initial tests worked with Eternl.

When testing the custom submit API with Lace wallet, I ran into issues. It looks like there’s a content security policy (CSP) in place. The error I got mentioned the CSP and list of domains that are allowed.

My question is, do I have to do something on my own node in order for this to work with Lace. If not, this is likely a question I’ll need to ask the Lace developers.

Thanks in advance for you responses.

1 Like
2

Apparently, Lace only allows some predefined providers and a locally installed submit api. Maybe you can open an issue on GitHub · Where software is built to ask if they would allow other submit api’s too.

I did some testing however and managed to circumvent this in two different ways.

:exclamation::exclamation::exclamation: I strongly advise to NOT use them out of security reasons and I’m not responsible if you choose to do anyway and something goes wrong. :exclamation::exclamation::exclamation:

That said:

  1. You can set http://127.0.0.1:/api/submit/tx (or https if your submit api uses that) as your custom submit api and then run a proxy locally an your machine to forward requests from 127.0.0.1 port to domain.tld port. I did it just with the nc command, the tx did reach my submit api on the other domain, but the answer didn’t propagate back to Lace which just kept waiting… After reloading the extension, the tx showed up however. This works for manual constructed txs, but might not work so well with dapps. With another (real) proxy server running on your machine, it might work better though (not tested).

  2. You can browse to the extension location on disk and edit the manifest file and add your host to the list of allowed ones where you see the others, add the port too if it differs from 80. After this, you need to go to the extension overview in Chrome, enable developer mode, open the extension details, click the button to reload the unpacked extension and browse to the right folder. BE AWARE though, if the on disk files where manipulated already by some virus or so, you’ll load this too. I also don’t know what effect this action has on a new version coming out… Your extension will also be listed as unchecked and possibly unsafe.

1 Like
3

Thanks for the response. I think the local proxy should be safe but you’re right, it likely doesn’t work well with dapps.