Skip to content

Feat/connect web iframe 2#26792

Open
szymonlesisz wants to merge 6 commits intodevelopfrom
feat/connect-web-iframe-2
Open

Feat/connect web iframe 2#26792
szymonlesisz wants to merge 6 commits intodevelopfrom
feat/connect-web-iframe-2

Conversation

@szymonlesisz
Copy link
Copy Markdown
Contributor

@szymonlesisz szymonlesisz commented Apr 16, 2026
edited
Loading

Connect Popup bootstrap

A lightweight relay page (bootstrap.html) loaded in two contexts:

  • Popup mode — opened by window.open() from the 3rd-party host
  • Iframe mode — embedded inside the 3rd-party host page

Why it exists

With COOP header enabled on the server we cant talk to suite-web directly using popupWindow.postMessage so we need a new layer to pass request/reposes between 3rd-party host and suite-web.

How it works

[3rd-party host]
  └── <iframe src="bootstrap.html">   ← iframe mode
         |  handshake with parent (3rd party)
         |  handshake with BroadcastChannel (bootstrap.html opened via window.open)
         │ send messages from 3rd-party host to BroadcastChannel
         │ send messages BroadcastChannel to 3rd-party host
  └── window.open("bootstrap.html")  ← popup mode
        │  handshake with opener (3rd party)
        │  handshake with BroadcastChannel  (bootstrap.html embeded in iframe)
        └─ redirect to ────────────────────────── [suite-web/connect-popup]
            | communicate with 3rd-party host using BroadcastChannel

However using BroadcastChannel from embeded iframe comes with a price.
BroadcastChannel is storage-partitioned in third-party iframes (Chrome, Firefox). A channel opened inside a cross-origin iframe has a different partition key than one opened on suite.trezor.io, so they can't talk directly. Bootstrap works around this using requestStorageAccess.
Unfortunately this is also not 100% reliable solution (doesnt work in Firefox, could be blocked by browser settings) in that case we should enforce Suite Desktop app

TODOS:

  • rename server rule iframe.html > bootstrap on sldev.cz
  • add server rule on suite.trezor.io
  • redirect on failed handshake (where to?)
  • fail handshake early - edgaces from the bootstrap
  • fix popup window isOpen condition (available only during bootstrap handshake)

🔍 Currents Test Results

🔍 Suite desktop test results: View in Currents

🔍 Suite web test results: View in Currents

🔒 Quarantined E2E Tests

Trezor Suite (web) — 13 test(s)
Test Type
Quarantine test: "Onboarding - create wallet,Success (basic)" 🙋 manual
Quarantine test: "Database migration,Db migration between: release/22.5/web => develop/web" 🙋 manual
Passphrase with cardano > verify cardano address behind passphrase 🤖 auto
Discovery > go to wallet settings page, activate all coins and see that there is equal number of records on dashboard 🤖 auto
Account types suite > Add-account-types-non-BTC-coins 🤖 auto
Public Keys > Check ada XPUB 🤖 auto
Cardano > Basic cardano walkthrough 🤖 auto
Export transactions > Go to account and try to export all possible variants (pdf, csv, json) 🤖 auto
Quarantine test: "Trading - Sell inputs,Sell form % inputs and limits" 🙋 manual
Quarantine test: "Trading - Sell inputs,Sell form % inputs and limits" 🙋 manual
Quarantine test: "Multiple sessions,Session overtaken by another" 🙋 manual
Quarantine CANARY test: "Trading - Sell BTC" 🙋 manual
Quarantine test: "Recovery T2T1 - dry run,Recovery after partial recovery" 🙋 manual

Updated: 2026-04-16T16:52:14.032Z • 13 test(s) total

Trezor Suite (desktop) — 15 test(s)
Test Type
Public Keys > Check ada XPUB 🤖 auto
Analytics Events - Staking Navigate > Should log the event staking/navigate - ADA from account menu 🤖 auto
Quarantine test: "Receive transaction,Receive a ETH transaction" 🙋 manual
Quarantine test: "Receive transaction,Receive a ETH transaction" 🙋 manual
Quarantine test: "Global receive and send,Global receive" 🙋 manual
Bridge > App acquired device, EXTERNAL bridge is restarted, app reconnects 🤖 auto
Bridge > App spawns bundled bridge and stops it after app quit 🤖 auto
Bridge > App in daemon mode spawns node-bridge 🤖 auto
Onboarding - create wallet > Success (basic) 🤖 auto
Discovery > go to wallet settings page, activate all coins and see that there is equal number of records on dashboard 🤖 auto
Cardano > Basic cardano walkthrough 🤖 auto
Account types suite > Add-account-types-non-BTC-coins 🤖 auto
Quarantine test: "Multiple sessions,Session overtaken by another" 🙋 manual
Quarantine test: "Send Base,User can perform ethereum sending on base network" 🙋 manual
Quarantine CANARY test: "Use regtest to test pending transactions,Send couple of pending txs and check that they are pending until mined" 🙋 manual

Updated: 2026-04-16T16:50:31.619Z • 15 test(s) total

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mroz22 mroz22 Awaiting requested review from mroz22 mroz22 is a code owner

@martykan martykan Awaiting requested review from martykan martykan is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

connect@10

Projects

Suite
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@szymonlesisz