Snaps permissions
You can request the following permissions in your snap manifest file.
endowment:cronjob
To run periodic actions for the user (cron jobs), a snap must request the endowment:cronjob permission.
This permission allows the snap to specify cron jobs that trigger the exported
onCronjob method.
Specify this permission in the manifest file as follows:
{
"initialPermissions": {
"endowment:cronjob": {
"jobs": [
{
"expression": {
"minute": "*",
"hour": "*",
"dayOfMonth": "*",
"month": "*",
"dayOfWeek": "*"
},
"request": {
"method": "exampleMethodOne",
"params": {
"param1": "foo"
}
}
},
{
"expression": "* * * * *",
"request": {
"method": "exampleMethodTwo",
"params": {
"param1": "bar"
}
}
}
]
}
}
}
endowment:ethereum-provider
To communicate with a node using MetaMask, a snap must request the endowment:ethereum-provider permission.
This permission exposes the global API ethereum to the snap execution environment.
This global is an EIP-1193 provider.
Specify this permission in the manifest file as follows:
"initialPermissions": {
"endowment:ethereum-provider": {}
},
endowment:long-running
A snap that is computationally heavy and can't finish execution within the
snap lifecycle requirements must request the endowment:long-running permission.
This permission allows the snap to run indefinitely while processing RPC requests.
Specify this permission in the manifest file as follows:
"initialPermissions": {
"endowment:long-running": {}
},
endowment:network-access
To access the internet, a snap must request the endowment:network-access permission.
This permission exposes the global fetch API to the Snaps execution environment.
XMLHttpRequest isn't available in Snaps, and you should replace it with fetch.
If your dependencies use XMLHttpRequest, you can
patch it away.
Specify this permission in the manifest file as follows:
"initialPermissions": {
"endowment:network-access": {}
},
Same-origin policy and CORS
fetch() requests in a snap are bound by browsers' same-origin policy. Since snap code is executed in an iframe with the sandbox property, the browser sends an Origin header with the value null with outgoing requests. For the snap to be able to read the response, the server must send an Access-Control-Allow-Origin CORS header with the value * or null in the response.
endowment:rpc
To handle arbitrary JSON-RPC requests, a snap must request the endowment:rpc permission.
This permission grants a snap access to JSON-RPC requests sent to the snap, using the exported
onRpcRequest method.
This permission requires an object with a snaps or dapps property (or both), to signal if the
snap can receive JSON-RPC requests from other snaps, or dapps, respectively.
The default for both properties is false.
Specify this permission in the manifest file as follows:
{
"initialPermissions": {
"endowment:rpc": {
"dapps": true,
"snaps": false
}
}
}
endowment:transaction-insight
To provide transaction insights, a snap must request the endowment:transaction-insight permission.
This permission grants a snap read-only access to raw transaction payloads, before they're accepted
for signing by the user, by exporting the onTransaction method.
This permission requires an object with an allowTransactionOrigin property to signal if the snap
should pass the transactionOrigin property as part of the onTransaction parameters.
This property represents the transaction initiator origin.
The default is false.
Specify this permission in the manifest file as follows:
"initialPermissions": {
"endowment:transaction-insight": {
"allowTransactionOrigin": true
}
},
endowment:webassembly
To use WebAssembly, a snap must request the endowment:webassembly permission.
This permission exposes the global WebAssembly API to the snap execution environment.
Specify this permission in the manifest file as follows:
"initialPermissions": {
"endowment:webassembly": {}
},