dayum I love this. should we invent a new transport type for payment requests (iframe-postmessage or something?) - we have all the rest like "send me x sats from y unit and z mint" etc
Discussion
I have no idea, but anything is possible
Have you looked into Shared Workers?You can use postMessage across different browser contexts with them allowing you to maintain a single WebSocket connection shared across several tabs, windows and iframes.
The key thing to think about is origins and the secure context. On another note, I was inspecting cashu.me and saw you are utilizing local storage. Have you looked into OPFS - (Origin Private File System) yet? You can tuck away any files or data away in a safe non viewable local file storage api with it. You can also store SQLite databases there and even encrypt the data at rest with the seed phrase. There is an in WebAuthn pseudorandom function HMAC secret in the FIDO spec. It could add some added security as well.
https://levischuck.com/blog/2023-02-prf-webauthn
I was digging into all this for my project here.
Nice thank you for the resources. I would like to learn more. Cashu.me will soon transition from localstorage to indexdb using dexie. I would like to add encrypted storage at some point, I hope that's not too hard with indexdb / dexie.
On sqlite: what's the idea here? Store sqlite file and have a library open the file whenever the window loads? Is that fast (say the file size grows to multiple tens of MB).