Skip to content

fix: add usb permission to ledger iframe allow attribute #39082

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cloudonshore merged 4 commits into from
Jan 9, 2026
Merged

fix: add usb permission to ledger iframe allow attribute #39082

cloudonshore merged 4 commits into from
Jan 9, 2026
+1 −1

Conversation

@cloudonshore
Copy link
Contributor

@cloudonshore cloudonshore commented Jan 7, 2026
edited by cursor bot
Loading

Description

Adds usb to the iframe permissions policy for the Ledger bridge iframe.

The Ledger iframe bridge (ledger-iframe-bridge) bundles both @ledgerhq/hw-transport-webhid and @ledgerhq/hw-transport-webusb. When certain code paths touch WebUSB APIs (e.g., during device enumeration, transport reconnection, or EIP-712 signing fallback), it fails with:

"Failed to execute 'getDevices' on 'USB': Access to the feature 'usb' is disallowed by permissions policy"

This commonly manifests during the internal MetaMask swap & bridge transactions.

The fix adds usb to the existing hid permission on the iframe's allow attribute.

Open in GitHub Codespaces

Changelog

CHANGELOG entry: Fixed Ledger hardware wallet connection failures during swap transactions

Related issues

Fixes: #36513

Manual testing steps

  1. Connect a Ledger hardware wallet via USB
  2. Open the Ethereum app on the Ledger device
  3. Initiate a swap transaction in MetaMask, especially on a wallet with very low ETH balance (forcing gasless transaction)
  4. Verify the transaction signing completes without hanging or USB permission errors

Screenshots/Recordings

Before

NOTWORKINGSWAP.mov

After

WORKINGSWAP.mov

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

Note

Allows the Ledger iframe to access WebUSB by expanding its permissions policy.

  • Updates app/offscreen/ledger.ts to set iframe.allow to hid; usb for https://metamask.github.io/ledger-iframe-bridge/9.0.1/, preventing "usb disallowed by permissions policy" errors during device interactions

Written by Cursor Bugbot for commit c3c36b8. This will update automatically on new commits. Configure here.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 7, 2026
edited
Loading

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added team-swaps-and-bridge Swaps and Bridge team INVALID-PR-TEMPLATE PR's body doesn't match template labels Jan 7, 2026
@cloudonshore
Copy link
Contributor Author

cloudonshore commented Jan 7, 2026

I have read the CLA Document and I hereby sign the CLA

@metamaskbot metamaskbot removed the INVALID-PR-TEMPLATE PR's body doesn't match template label Jan 7, 2026
@metamaskbotv2
Copy link
Contributor

metamaskbotv2 bot commented Jan 7, 2026

Builds ready [01c321c]
UI Startup Metrics (1311 ± 110 ms)
PlatformBuildTypePageMetricMean (ms)Min (ms)Max (ms)Std Dev (ms)P 75 (ms)P 95 (ms)
ChromeBrowserifyStandard HomeuiStartup13111071164711013881481
load109588213409811661224
domContentLoaded109087713329711611216
domInteractive2916111222592
firstPaint175661187180189305
backgroundConnect22019926012224252
firstReactRender1593641722
getState381886134470
initialActions107112
loadScripts8776801129979481015
setupStore1373551323
numNetworkReqs181176171168
BrowserifyPower User HomeuiStartup18141431239718719092163
load1054872138912011561242
domContentLoaded1044864137111911471233
domInteractive30171212326106
firstPaint174661384173208305
backgroundConnect24520261884233498
firstReactRender15112821519
getState17213132133189236
initialActions102111
loadScripts83266911651199381027
setupStore1794191836
numNetworkReqs66522082162114
WebpackStandard HomeuiStartup822666113983873969
load66259291671711795
domContentLoaded65758891371706789
domInteractive261696182380
firstPaint1056134256109233
backgroundConnect226112243087
firstReactRender15103241725
getState3415142174461
initialActions104112
loadScripts65458691070704780
setupStore1375181431
numNetworkReqs171174161164
WebpackPower User HomeuiStartup1245976182117212921644
load727602104093760899
domContentLoaded721595103693753892
domInteractive31181522726106
firstPaint1266545869162261
backgroundConnect927671151107576
firstReactRender16122821719
getState14913320913153172
initialActions107111
loadScripts718592102892749885
setupStore16105791438
numNetworkReqs66522092362123
FirefoxBrowserifyStandard HomeuiStartup14351123212921215221921
load1141938171313612081383
domContentLoaded1140938171313712081383
domInteractive70322243992144
firstPaint------
backgroundConnect62213665784181
firstReactRender13103841320
getState126137141123
initialActions107122
loadScripts1104923168612111631306
setupStore225808811351
numNetworkReqs20981191476
BrowserifyPower User HomeuiStartup25991509365757530663365
load1671980274755722342564
domContentLoaded1670980274655722342563
domInteractive89333707494276
firstPaint------
backgroundConnect4022712314459891194
firstReactRender20126692128
getState1177638741127186
initialActions214123
loadScripts1349961241540613532361
setupStore555111615443179
numNetworkReqs75521642987143
WebpackStandard HomeuiStartup15541232255322116232026
load13151076235518513721561
domContentLoaded13151076235418513721561
domInteractive722819140105138
firstPaint------
backgroundConnect55201984164147
firstReactRender14112631524
getState15895101628
initialActions103122
loadScripts12821063233117513211503
setupStore165114191563
numNetworkReqs20985201376
WebpackPower User HomeuiStartup28231769434460232743755
load20541188329657625512842
domContentLoaded20541188329557625512841
domInteractive9527129115381326
firstPaint------
backgroundConnect3332213303863431196
firstReactRender2112154192228
getState131741149110154211
initialActions3090923
loadScripts17871174304249522422617
setupStore624108917822210
numNetworkReqs70421632894123
📊 Page Load Benchmark Results

Current Commit: 01c321c | Date: 1/7/2026

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

  • pageLoadTime-> current mean value: 1.03s (±42ms) 🟡 | historical mean value: 1.04s ⬇️ (historical data)
  • domContentLoaded-> current mean value: 717ms (±39ms) 🟢 | historical mean value: 729ms ⬇️ (historical data)
  • firstContentfulPaint-> current mean value: 75ms (±11ms) 🟢 | historical mean value: 79ms ⬇️ (historical data)

📈 Detailed Results

Metric Mean Std Dev Min Max P95 P99
pageLoadTime 1.03s 42ms 1000ms 1.33s 1.08s 1.33s
domContentLoaded 717ms 39ms 693ms 999ms 753ms 999ms
firstPaint 75ms 11ms 60ms 164ms 84ms 164ms
firstContentfulPaint 75ms 11ms 60ms 164ms 84ms 164ms
largestContentfulPaint 0ms 0ms 0ms 0ms 0ms 0ms
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 58 Bytes (0%)
  • ui: 0 Bytes (0%)
  • common: 20 Bytes (0%)

@metamaskbotv2
Copy link
Contributor

metamaskbotv2 bot commented Jan 8, 2026

Builds ready [c3c36b8]
UI Startup Metrics (1291 ± 112 ms)
PlatformBuildTypePageMetricMean (ms)Min (ms)Max (ms)Std Dev (ms)P 75 (ms)P 95 (ms)
ChromeBrowserifyStandard HomeuiStartup12911033155811213591454
load1084876133210111511234
domContentLoaded1078872132510111471226
domInteractive261594172177
firstPaint145651106115182306
backgroundConnect21720024810221239
firstReactRender1482531522
getState3819126144363
initialActions109112
loadScripts86766911171019301025
setupStore1272741422
numNetworkReqs171169151163
BrowserifyPower User HomeuiStartup17851412238319318882154
load1042871133811611371246
domContentLoaded1031862133111511281240
domInteractive2816116202589
firstPaint167661299167200249
backgroundConnect24320067080234475
firstReactRender14112621521
getState18313327329205231
initialActions103112
loadScripts81866711271109131017
setupStore19758112738
numNetworkReqs67552092164116
WebpackStandard HomeuiStartup796644117296841988
load656568108799697877
domContentLoaded650561108298693874
domInteractive251594192186
firstPaint1045633953125201
backgroundConnect236124263191
firstReactRender15103641524
getState3414147244068
initialActions107112
loadScripts647559108098690864
setupStore1164361324
numNetworkReqs181181181169
WebpackPower User HomeuiStartup13011011210721813601800
load73661494091791913
domContentLoaded72960893590785907
domInteractive32181602827109
firstPaint1196534461143249
backgroundConnect1108637170128546
firstReactRender17132521720
getState1497018814157174
initialActions102011
loadScripts72660693289782900
setupStore1494261432
numNetworkReqs68532282863124
FirefoxBrowserifyStandard HomeuiStartup13671063186718414961789
load1085905154412111701274
domContentLoaded1084905154412111641274
domInteractive66302113785137
firstPaint------
backgroundConnect57192964977161
firstReactRender1294441217
getState166370391046
initialActions102012
loadScripts1048891144410211041203
setupStore145113151247
numNetworkReqs19983191377
BrowserifyPower User HomeuiStartup26031549426364130853432
load1760967287161823122652
domContentLoaded1760966287161723112652
domInteractive76332835784210
firstPaint------
backgroundConnect4002213934454651221
firstReactRender19126172228
getState1173820927130170
initialActions203123
loadScripts1447950255349420482376
setupStore405109211230103
numNetworkReqs75441542992141
WebpackStandard HomeuiStartup15721306314423216451939
load13141116289219613751545
domContentLoaded13131116289219613751545
domInteractive93281520151113141
firstPaint------
backgroundConnect54201523460135
firstReactRender15115761525
getState2181722917103
initialActions103122
loadScripts12831101286618913151495
setupStore2061352715107
numNetworkReqs20981201377
WebpackPower User HomeuiStartup28881694399561433423667
load21101182302261426252890
domContentLoaded21091182302161426252890
domInteractive12629111020989474
firstPaint------
backgroundConnect3922513824334241281
firstReactRender20138172327
getState133761355128133194
initialActions213123
loadScripts18041158279753223822644
setupStore626129818023225
numNetworkReqs70401713365158
📊 Page Load Benchmark Results

Current Commit: c3c36b8 | Date: 1/8/2026

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

  • pageLoadTime-> current mean value: 1.02s (±39ms) 🟡 | historical mean value: 1.04s ⬇️ (historical data)
  • domContentLoaded-> current mean value: 712ms (±36ms) 🟢 | historical mean value: 727ms ⬇️ (historical data)
  • firstContentfulPaint-> current mean value: 75ms (±12ms) 🟢 | historical mean value: 79ms ⬇️ (historical data)

📈 Detailed Results

Metric Mean Std Dev Min Max P95 P99
pageLoadTime 1.02s 39ms 999ms 1.32s 1.04s 1.32s
domContentLoaded 712ms 36ms 690ms 989ms 728ms 989ms
firstPaint 75ms 12ms 60ms 184ms 88ms 184ms
firstContentfulPaint 75ms 12ms 60ms 184ms 88ms 184ms
largestContentfulPaint 0ms 0ms 0ms 0ms 0ms 0ms
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 58 Bytes (0%)
  • ui: 0 Bytes (0%)
  • common: 20 Bytes (0%)

Gudahtt
Gudahtt approved these changes Jan 8, 2026
View reviewed changes
Copy link
Member

@Gudahtt Gudahtt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

dawnseeker8
dawnseeker8 approved these changes Jan 9, 2026
View reviewed changes
Copy link
Contributor

@dawnseeker8 dawnseeker8 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cloudonshore cloudonshore added this pull request to the merge queue Jan 9, 2026
Merged via the queue into main with commit 4f8bc81 Jan 9, 2026
176 checks passed
@cloudonshore cloudonshore deleted the ledger-add-usb-permission branch January 9, 2026 03:14
@github-actions github-actions bot locked and limited conversation to collaborators Jan 9, 2026
@metamaskbot metamaskbot added the release-13.15.0 Issue or pull request that will be included in release 13.15.0 label Jan 9, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@Gudahtt Gudahtt Gudahtt approved these changes

@dawnseeker8 dawnseeker8 dawnseeker8 approved these changes

@gantunesr gantunesr gantunesr approved these changes

@montelaidev montelaidev montelaidev approved these changes

@SteP-n-s SteP-n-s SteP-n-s approved these changes

Assignees

No one assigned

Labels

release-13.15.0 Issue or pull request that will be included in release 13.15.0 size-XS team-swaps-and-bridge Swaps and Bridge team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

(Ext) [Bug]: Cannot swap with Ledger

8 participants

@cloudonshore @Gudahtt @dawnseeker8 @gantunesr @montelaidev @SteP-n-s @metamaskbot