-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tackle identifying origins with (or without?) dweb: paths #6
Comments
Just to be clear solution described as working only works in firefox, in electron you wound not be able to do following:
As API exposed for protocol handlers is passed already normalized URL, meaning |
And here is also protocol implementations that I was referring to as a working solution: |
@Gozala @diasdavid This is already pretty good, but I see two potential issues and a potential fix:
From what I understand, the mapping to a whatwg-compatible URL with an origin happens purely internally, within the fs: protocol handler? If so, we can retain the whole path, and still construct the host from it.
(fs:/ipfs/hash and fs:/ipns/hash would generate the same origin, but that is okay I think.) Also note that it removes the need for multiple protocols (ipfs:// ipns:// ipld:// foo://). It basically unifies the fs URI and whatwg URL we were mapping between, into one scheme which can work both in an origin-required, and in an origin-less context. It simply defines the whatwg-compatible, originful fs URI as: set host to What do you think, does this make sense? |
On the encoding note, I think base32 would work too: https://github.com/neocities/hshca |
cc @lidel too To make a long story short, this choice depends on whether the "protocol handler redirect" in the addon is transparent, or propagates into the UX, e.g. whether it behaves as visibly as an HTTP redirect. If the redirect is purely internal, we should go with If the redirect is visible, we should go with |
There are various moving pieces and I am afraid we may be doing oversimplification here, but I'd say redirect is internal, meaning there are off-the-channel transformations made by add-on before actual HTTP request to a gateway is made. At least this is what happened in legacy-sdk. Hard to say how it will work in future.
Going with |
Let's go with |
If we go that route, I feel |
Agreed -- copy-pasting from ipfs/specs#152:
|
Hi, I just wanted to jump in to say that @heavenlyhash was just visiting me and we discussed this issue, and what we realised, is that it is not possible to have the single slash variants like
Note how the second slash just dissapears? Since it is not possible to have a directory with a zero length name in POSIX, However,
can exist. So basically, |
(@lgierth please let me know if I got this right or missed anything here) Tackled: theory behind Origin's case-insensitivity and CIDsI think the conclusion was that in an ideal world we would have CID/URL normalization done by browser add-on. Add-on would detect requests with unsafe CID (case-sensitive, eg. base58) and convert them to safe ones (case-insensitive, eg. base32/16) before sending them to IPFS gateway. This way Origin based on first segment after Missing: Utility method in js-ipfs-api for CID detection/conversionI did not see it being mentioned anywhere, so I assume it is missing. Missing: WebExtension API for Programmable Protocol HandlerWebExtensions do not provide means for defining Persistent/Programmable Custom Protocol (that stays in address bar and provides proper Origin support). Firefox 54 will only support simple redirects from There is an open ticket at Bugzilla about need for better API for persistent/programmable protocol handler:
That is all I know, hope it helps. |
I'd like to contributes some input on the discussion about address schemes. NURLs?As far as I can tell, there is a loose definition for NURLs. I'm assuming a NURL is a "Nestable URL" and would look something like either dweb vs fsIt is my opinion that neither dweb or fs is an appropriate URI scheme name. My argument is that both are arbitrary, and in the end it doesn't matter what we name them (either will still "work"). It is my opinion that the URI scheme protocol name should reflect what the address actually is: a URI scheme for NURLs. A NURL URI Scheme
This is much like the proposed
The NURL is embedded directly in the URI scheme after a computed origin. The implementation would have full control over the origin, which leads to a decoupling of the NURL address and its origin. CORs for NURLsSense NURLs are directly embedded in the scheme, cross-origin requests can be made possible. Content with an origin of
SecurityIt must be noted that for protocols like HTTP that are subject to CSRF attacks, the same-origin policy should be enforced at the NURL URI scheme level. However, the option for an alternative policy is available for protocols like IPFS. EDITSee Addendum: #6 (comment) |
Base 32 EncodingsMight I suggest the use of Crockford's Encoding for base32 encoded content addresses. It is my opinion that this encoding is the best choice. My reasons:
EDIT Added notes regarding Base 32 encoding and Crockford's Encoding particularly here: ipfs/kubo#4143 (comment) |
Addendum to the topic of NURLI should note that a NURL is an incorrect reference to a NURI mentioned at ipfs/kubo#1678 (comment). It is worth mentioning that neither NURL or NURI currently have formal specification as I am aware. With that said, I see no reason to choose So as @lgierth mentioned:
An
|
Continued in:
|
This is part of the address scheme work described in #3
The underlying requirement:
Firefox, for example, implements https://url.spec.whatwg.org/ not the URL RFC. That's what we need to use if we want our urls to be Web-browser compatible
Background
From @Gozala:
Option: include CID in the origin domain
@Gozala (2017-02-01)
@jbenet
@Gozala (2017-02-06):
@Gozala (2017-02-01)
Option: include public key in the paths
@Gozala (2-17-02-06)
origin domains must be case-insensitive
@Gozala:
@jbenet:
a working solution
@Gozala (2017-02-01)
The text was updated successfully, but these errors were encountered: