Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Support for zcash: Payment URI Handling in Zashi #1758

Open
Tomas-M opened this issue Jan 31, 2025 · 4 comments
Open

Feature Request: Support for zcash: Payment URI Handling in Zashi #1758

Tomas-M opened this issue Jan 31, 2025 · 4 comments

Comments

@Tomas-M
Copy link

Tomas-M commented Jan 31, 2025

Summary
Zashi should register itself as a handler for the zcash: URI scheme so that when a user clicks a Zcash payment link in their browser, the app automatically opens and pre-fills the payment details.

Problem Description
Currently, if a website includes a Zcash Payment Request URI (as described in ZIP 321), such as:

<a href="zcash:ztestsapling10......?amount=1&memo=VGhpcyBpcyBhIHNpbXBsZSBtZW1vLg"> Pay Now </a>

clicking this link does not open the Zashi app, even if it is installed on the user's phone. Instead, nothing happens, or the browser may show an error.

Proposed Solution
Implement support for the zcash: URI scheme in Zashi by registering it in the app's manifest (Android) and appropriate settings for iOS.
When a user clicks a zcash: payment link, Zashi should:

  • Open automatically.
  • Prompt for PIN/biometric authentication (if required).
  • Show a payment confirmation screen with prefilled details from the URI.

Since Zashi already supports parsing ZIP 321 payment URIs from QR codes, this functionality is mostly in place—the missing part is simply registering Zashi as a handler for zcash: links.

User Benefit

  • Enables seamless payments from web browsers directly into the Zashi app.
  • Improves user experience by eliminating the need to copy and paste payment addresses manually.
  • Makes Zashi a more convenient option for merchants and customers using Zcash for online transactions.

Platform Scope
This feature request applies to both Android and iOS versions of Zashi, as both platforms need to register the app as a handler for zcash: links.

Additional Notes
I believe implementing this should be relatively straightforward, as similar functionality exists for handling QR codes. Thank you for considering this feature request!
@true-jared
Copy link
Contributor

Thanks for adding this @Tomas-M, we appreciate the work you put in here!

This is a wonderful feature which unfortunately can have security impact and it was flagged to us during a security audit. We have come up with an internal solution which actually opens Zashi but forces the user to rescan the QR code in Zashi again to mitigate any security threat for malicious data manipulation. See Electric-Coin-Company/zashi#60 for more details on the possible security threats.

@Tomas-M
Copy link
Author

Tomas-M commented Feb 5, 2025
edited
Loading

I explained in #60 that rejecting URL scheme registration outright sacrifices crucial user experience without delivering a proportional security benefit

@HonzaR
Copy link
Collaborator

HonzaR commented Feb 5, 2025

Hi @Tomas-M. We've done several analyses related to this feature in the past. Thanks for bringing it here again. We'll discuss and get back to you soon.

@Tomas-M
Copy link
Author

Tomas-M commented Feb 5, 2025

Domain links, also known as universal links (iOS) or app links (Android), allow a specific website URL to directly open an associated app. I posted a detailed description at Electric-Coin-Company/zashi#60

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Tomas-M @HonzaR @true-jared