removes integrity check

package.json

@@ -30,7 +30,6 @@
     "@metamask/obs-store": "^8.1.0",
     "@toruslabs/http-helpers": "^4.0.0",
     "@toruslabs/openlogin-jrpc": "^4.4.0",
-    "create-hash": "^1.2.0",
     "end-of-stream": "^1.4.4",
     "eth-rpc-errors": "^4.0.3",
     "events": "^3.3.0",

src/embed.ts

@@ -5,7 +5,6 @@ import deepmerge from "lodash.merge";
 import configuration from "./config";
 import { documentReady, handleStream, htmlToElement, runOnLoad } from "./embedUtils";
 import TorusInpageProvider from "./inpage-provider";
-import generateIntegrity from "./integrity";
 import {
   BUTTON_POSITION,
   BUTTON_POSITION_TYPE,
@@ -47,10 +46,6 @@ const defaultVerifiers = {
   [LOGIN_PROVIDER.DISCORD]: true,
 };
 
-const iframeIntegrity = "sha384-5wfQNApq4YIunQu3JVyIfoWQHdz5824c+mHr1WOMddVX9N+d6ErcA25MCuLSLeQH";
-
-const expectedCacheControlHeader = "max-age=3600";
-
 const UNSAFE_METHODS = [
   "eth_sendTransaction",
   "eth_signTypedData",
@@ -68,7 +63,7 @@ const UNSAFE_METHODS = [
   try {
     if (typeof document === "undefined") return;
     const torusIframeHtml = document.createElement("link");
-    const { torusUrl } = await getTorusUrl("production", { check: false, hash: iframeIntegrity, version: "" });
+    const { torusUrl } = await getTorusUrl("production", { version: "" });
     torusIframeHtml.href = `${torusUrl}/popup`;
     torusIframeHtml.crossOrigin = "anonymous";
     torusIframeHtml.type = "text/html";
@@ -174,8 +169,6 @@ class Torus {
     loginConfig = {},
     showTorusButton = true,
     integrity = {
-      check: false,
-      hash: iframeIntegrity,
       version: "",
     },
     whiteLabel,
@@ -268,30 +261,7 @@ class Torus {
       });
     };
 
-    if (buildEnv === "production" && integrity.check) {
-      // hacky solution to check for iframe integrity
-      const fetchUrl = `${torusUrl}/popup`;
-      const resp = await fetch(fetchUrl, { cache: "reload" });
-      if (resp.headers.get("Cache-Control") !== expectedCacheControlHeader) {
-        throw new Error(`Unexpected Cache-Control headers, got ${resp.headers.get("Cache-Control")}`);
-      }
-      const response = await resp.text();
-      const calculatedIntegrity = generateIntegrity(
-        {
-          algorithms: ["sha384"],
-        },
-        response
-      );
-      log.info(calculatedIntegrity, "integrity");
-      if (calculatedIntegrity === integrity.hash) {
-        await handleSetup();
-      } else {
-        this.clearInit();
-        throw new Error("Integrity check failed");
-      }
-    } else {
-      await handleSetup();
-    }
+    await handleSetup();
     return undefined;
   }
 

src/interfaces.ts

@@ -1,5 +1,4 @@
 import { JRPCId, JRPCMiddleware, JRPCRequest, JRPCVersion, SafeEventEmitter } from "@toruslabs/openlogin-jrpc";
-import createHash from "create-hash";
 import type { Duplex } from "readable-stream";
 
 export const LOGIN_PROVIDER = {
@@ -77,17 +76,6 @@ export interface IPaymentProvider {
   sell?: boolean;
 }
 
-export interface IHashAlgorithmOptions {
-  algorithms?: createHash.algorithm[];
-  delimiter?: string;
-  full?: boolean;
-}
-
-export interface SRI {
-  hashes: Record<createHash.algorithm, string>;
-  integrity?: string;
-}
-
 export const BUTTON_POSITION = {
   BOTTOM_LEFT: "bottom-left",
   TOP_LEFT: "top-left",
@@ -492,17 +480,6 @@ export interface ThemeParams {
 }
 
 export interface IntegrityParams {
-  /**
-   * Whether to check for integrity.
-   * Defaults to false
-   * @defaultValue false
-   */
-  check: boolean;
-  /**
-   * if check is true, hash must be provided. The SRI sha-384 integrity hash
-   * {@link https://www.srihash.org/ | SRI Hash}
-   */
-  hash?: string;
   /**
    * Version of torus-website to load
    */