Snaps permissions
You can request the following permissions in your snap manifest file.
endowment:cronjob
To run periodic actions for the user (cron jobs), a snap must request the endowment:cronjob permission.
This permission allows the snap to specify cron jobs that trigger the exported onCronjob method.
Specify this permission in the manifest file as follows:
{
  "initialPermissions": {
    "endowment:cronjob": {
      "jobs": [
        {
          "expression": {
            "minute": "*",
            "hour": "*",
            "dayOfMonth": "*",
            "month": "*",
            "dayOfWeek": "*"
          },
          "request": {
            "method": "exampleMethodOne",
            "params": {
              "param1": "foo"
            }
          }
        },
        {
          "expression": "* * * * *",
          "request": {
            "method": "exampleMethodTwo",
            "params": {
              "param1": "bar"
            }
          }
        }
      ]
    }
  }
}
endowment:ethereum-provider
To communicate with a node using MetaMask, a snap must request the endowment:ethereum-provider permission.
This permission exposes the global API ethereum to the snap execution environment.
This global is an EIP-1193 provider.
Specify this permission in the manifest file as follows:
"initialPermissions": {
  "endowment:ethereum-provider": {}
},
endowment:long-running
A snap that is computationally heavy and can't finish execution within the snap lifecycle requirements must request the endowment:long-running permission.
This permission allows the snap to run indefinitely while processing RPC requests.
Specify this permission in the manifest file as follows:
"initialPermissions": {
  "endowment:long-running": {}
},
endowment:network-access
To access the internet, a snap must request the endowment:network-access permission.
This permission exposes the global fetch API to the Snaps execution environment.
XMLHttpRequest isn't available in Snaps, and you should replace it with fetch.
If your dependencies use XMLHttpRequest, you can patch it away.
Specify this permission in the manifest file as follows:
"initialPermissions": {
  "endowment:network-access": {}
},
Same-origin policy and CORS
fetch() requests in a snap are bound by browsers' same-origin policy. Since snap code is executed in an iframe with the sandbox property, the browser sends an Origin header with the value null with outgoing requests. For the snap to be able to read the response, the server must send an Access-Control-Allow-Origin CORS header with the value * or null in the response.
endowment:rpc
To handle arbitrary JSON-RPC requests, a snap must request the endowment:rpc permission.
This permission grants a snap access to JSON-RPC requests sent to the snap, using the exported onRpcRequest method.
This permission requires an object with a snaps or dapps property (or both), to signal if the snap can receive JSON-RPC requests from other snaps, or dapps, respectively.
The default for both properties is false.
Specify this permission in the manifest file as follows:
{
  "initialPermissions": {
    "endowment:rpc": {
      "dapps": true,
      "snaps": false
    }
  }
}
endowment:transaction-insight
To provide transaction insights, a snap must request the endowment:transaction-insight permission.
This permission grants a snap read-only access to raw transaction payloads, before they're accepted for signing by the user, by exporting the onTransaction method.
This permission requires an object with an allowTransactionOrigin property to signal if the snap should pass the transactionOrigin property as part of the onTransaction parameters.
This property represents the transaction initiator origin.
The default is false.
Specify this permission in the manifest file as follows:
"initialPermissions": {
  "endowment:transaction-insight": {
    "allowTransactionOrigin": true
  }
},
endowment:webassembly
To use WebAssembly, a snap must request the endowment:webassembly permission.
This permission exposes the global WebAssembly API to the snap execution environment.
Specify this permission in the manifest file as follows:
"initialPermissions": {
  "endowment:webassembly": {}
},
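When reviewing a snap before installing or publishing it, it helps to see what its manifest actually requests once the defaults above are applied. The following helper is an added example, not part of the original documentation or of MetaMask's code: summarizePermissions, cronToString, the sample manifest and the example:unlisted permission name are hypothetical, and treating an omitted cron object field as * is an assumption.

```javascript
const EXPOSES = new Map([
  ['endowment:ethereum-provider', 'global ethereum (EIP-1193 provider)'],
  ['endowment:long-running', 'may run indefinitely while processing RPC requests'],
  ['endowment:network-access', 'global fetch (requests carry Origin: null)'],
  ['endowment:webassembly', 'global WebAssembly'],
]);

// A cron expression is either a five-field string or an object of named fields.
function cronToString(expr) {
  if (typeof expr === 'string') return expr.trim().split(/\s+/).join(' ');
  // Assumption (not stated on the page): an omitted object field means "*".
  return ['minute', 'hour', 'dayOfMonth', 'month', 'dayOfWeek']
    .map((field) => expr[field] ?? '*').join(' ');
}

function summarizePermissions(manifest) {
  const out = [];
  for (const [name, value] of Object.entries(manifest.initialPermissions ?? {})) {
    if (name === 'endowment:cronjob') {
      for (const job of value.jobs ?? []) {
        out.push(`${name}: "${cronToString(job.expression)}" triggers ${job.request.method}`);
      }
    } else if (name === 'endowment:rpc') {
      // dapps and snaps both default to false.
      const callers = ['dapps', 'snaps'].filter((key) => value[key] === true);
      out.push(`${name}: JSON-RPC accepted from ${callers.join(', ') || 'neither dapps nor snaps'}`);
    } else if (name === 'endowment:transaction-insight') {
      // allowTransactionOrigin defaults to false.
      const origin = value.allowTransactionOrigin === true ? 'with' : 'without';
      out.push(`${name}: reads raw transactions ${origin} transactionOrigin`);
    } else if (EXPOSES.has(name)) {
      out.push(`${name}: ${EXPOSES.get(name)}`);
    } else {
      out.push(`${name}: not described on this page, review manually`);
    }
  }
  return out;
}

// Constructed sample manifest (not from a real snap).
const sampleManifest = { initialPermissions: {
  'endowment:cronjob': { jobs: [
    { expression: { minute: '*/5' }, request: { method: 'exampleMethodOne' } },
    { expression: '*  * * * *', request: { method: 'exampleMethodTwo' } },
  ] },
  'endowment:rpc': { dapps: true },
  'endowment:transaction-insight': {},
  'example:unlisted': {},
} };
console.log(summarizePermissions(sampleManifest).join('\n'));
```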