Unable to use @chainsafe/as-sha256 in a chrome extension

[richtera]

The wasm is loaded using new Module() instead of required. This cannot be supported in a manifest 3 chrome extension since it requires wasm-unsafe-eval in the CSP and this is disallowed by chrome. It turns out the latest version of @ethereumjs/util can no longer be used in a browser extension due to this. Not sure what the right thing is to do.

Expected behavior

Should work normally

Steps to Reproduce

Build webextension and require latest versions of @ethereumjs/util using webpack

Screenshots

Desktop (please complete the following information):

• OS: Mac OS Ventura 13.2.1 (22D68)
• Version: ^0.3.1
• Branch: master
• Commit hash: ?

[richtera]

Ref ethereumjs/ethereumjs-monorepo#2587

[nazarhussain]

As per the manifest docs the wasm-unsafe-eval is allowed in the CSP for manifest v3.

{
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';"
  }
}

Could you try that? If it does not work, Would be very helpful if you spin up a github repo with required and minimum extension setup to reproduce this issue.

[richtera]

I got an error when trying that and I using the package inside of the background worker anyways.

[nazarhussain]

Would you setup some dummy repo with the extension setup you are trying, that will be helpful to debug the issue and test few things there.

[meeh0w]

@nazarhussain Thanks, that works as well! I tried adding wasm-eval and unsafe-eval, but not wasm-unsafe-eval - I didn't know about it up until now.

I'll still have to discuss with my team if we want to add such a directive; it may be okay as a workaround for us.

[paulmillr]

@nazarhussain there should be an ability to plug-in a different sha256 implementation, such as noble-hashes. They aren't much slower - the speed is pretty huge.

[richtera]

Wouldn't it possible to just require the wasm through a .wasm file rather than unsafe eval it through new Module()?

[paulmillr]

Please see this #313