Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More strict MV3 rules for path and subdomain gateways #1253

Closed
5 tasks done
Tracked by #1152
lidel opened this issue Aug 3, 2023 · 2 comments · Fixed by #1256
Closed
5 tasks done
Tracked by #1152

More strict MV3 rules for path and subdomain gateways #1253

lidel opened this issue Aug 3, 2023 · 2 comments · Fixed by #1256
Assignees
@whizzzkid
Labels
mv3-beta-bugs

Comments

@lidel
Copy link
Member

lidel commented Aug 3, 2023
edited by whizzzkid
Loading

URL like https://ipfs.io/ipfs/QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR produces rules like

origin: '^https?\\:\\/\\/ipfs\\.io',
destination: 'http://127.0.0.1:8080'

The MV3 rules created by ipfs-companion beta 3.0.0.1114 for a public path or subdomain gateway should be for specific namespace like /ipfs or /ipns, never for the entire origin. Redirecting entire origin should happen only for DNSLink websites.

For public path and subdomain gateways we don't want to have a situation where we break delegated routing because companion hijacked /routing/v1 endpoint, or some other /foo service endpoint that domain owner decided to expose on the same hostname,

Tasks
Beta Give feedback
  4. MV3 handling of ?uri= creates too many rules #1254
    mv3-beta-bugs
    whizzzkid
  5. MV3 handling of subdomain gateways creates too many rules #1255
    mv3-beta-bugs
    whizzzkid
@lidel lidel added need/triage Needs initial labeling and prioritization mv3-beta-bugs labels Aug 3, 2023
@lidel lidel mentioned this issue Aug 3, 2023
Merged
@whizzzkid whizzzkid self-assigned this Aug 4, 2023
This was referenced Aug 4, 2023
Open
Merged
@SgtPooki SgtPooki removed the need/triage Needs initial labeling and prioritization label Aug 7, 2023
@whizzzkid whizzzkid mentioned this issue Aug 14, 2023
Merged
@whizzzkid
Copy link
Contributor

@lidel came across this fleek example which does not have a namespace in the url.

The regex pattern that will be generated for 2nd https://(.*?).on.fleek.co/(.*?) -> https://localhost:8081/ipfs/$1/$2 interferes with the first, so that rule cannot be dynamically generated 🥺

@lidel
Copy link
Member Author

lidel commented Aug 25, 2023

My suggestion would be to

  • remove special-handling of Fleek (even if it is "generic" magical detection of CIDs in domains that do not have namespace label)
  • reach out to Fleek and ask them to follow the specs (linked below) and use {cid}.ipfs.on.fleek.co instead

We have subdomain convention for a reason, it requires namespace label after the CID to remove surface for false-positives (confusing with ipns, peerid, or uses outside content-addressed paths):

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@whizzzkid whizzzkid

Labels
mv3-beta-bugs
Projects
No open projects
IPFS-GUI (PL EngRes)
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(rules): Better Redirect Rules ipfs/ipfs-companion
3 participants
@lidel @SgtPooki @whizzzkid