-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
window.ipfs injected after page loaded #362
Comments
What about emitting an event on document called |
@RangerMauve that's a great idea IMO |
Hm, I'm not sure I agree. So the usage I would like to see is something like this: if (windows.ipfs) {
startApp(window.ipfs)
} else {
require('ipfs').then((ipfs) => {
const node = new Ipfs()
node.once('ready', () => {
startApp(node)
})
})
} This little snippet would load extra code + wait for node to get ready before starting the application. But if Now, if we have a So I would argue we need to expose |
I agree with @victorbjelkholm it should just be available as soon as user scripts start running on the web page. The content script is run at We can't use the manifest to define that the content script should run at I reckon it can be fixed, and will look into it asap. |
@alanshaw @victorbjelkholm I agree, if |
Is this to make the config option work? If the option is disabled, we could just have all commands fail as if the permission wasn't granted. |
@lgierth problem is that if we inject the script, we can check the permissions but those functions are async, giving us the same problem as we have now. They won't finish until the page has been loaded probably. |
@victorbjelkholm What about injecting a |
TLDR; There's no way of programmatically adding A proposal (mostly thanks to @lgierth for the suggestion):
The gory details: I was assuming that I tried executing the content script when the tab updated status was In Chrome, there seems to be no event we can listen to where using I also tried executing the script in A bug linked from that bug suggests that we might be able to use
😢 😭
So, according to my research it's not possible in Chrome atm, so I'm proposing the following changes:
|
Yep, I'd find it easier to reason about if installing companion meant I'm ok with completely removing the companion setting to toggle |
I removed my comment at #368 (review) that was arguing for disabling property (sorry, been reading github in reverse order today 🙃 ) I think at this stage I am 👍 for enabling "Companion === I think we should rename the property at the Preferences page to something like "Allow websites to ask for access to Question: what happens if my IPFS node goes down, but I still have |
Then the calls would fail and the developer of the application needs to handle the error. Regarding ACL per siteThe address for checking the permissions needs to be the full path, but without the hash and query parameters. Otherwise applications running on a gateway gets access to other apps running on the same gateway. |
This change enables Firefox users to disable creation of window.ipfs, solving fingerprinting issue raised in: #451 The key difference between tabs.executeScript and contentScripts API is that the latter provides guarantee to execute before anything else. Chrome does not provide contentScripts API and we need to statically load content_script via manifest. More info on the underlying issue: #368 #362 (comment)
This change enables Firefox users to disable creation of window.ipfs, solving fingerprinting issue raised in: #451 The key difference between tabs.executeScript and contentScripts API is that the latter provides guarantee to execute before anything else. Chrome does not provide contentScripts API and we need to statically load content_script via manifest. More info on the underlying issue: #368 #362 (comment)
This change enables Firefox users to disable creation of window.ipfs, solving fingerprinting issue raised in: #451 The key difference between tabs.executeScript and contentScripts API is that the latter provides guarantee to execute before anything else. Chrome does not provide contentScripts API and we need to statically load content_script via manifest. More info on the underlying issue: #368 #362 (comment)
This PR enables Firefox users to disable creation of `window.ipfs` attribute via _Preferences_ screen, solving fingerprinting issue raised in #451. It requires webpack, so should be merged after #498 ### Background Existing `tabs.executeScript` API with `runAt: 'document_start'` flag was executing too late and page scripts were unable to detect `window.ipfs` correctly. More info on the underlying issue: #368 #362 (comment) As a workaround that worked in both Chrome and Firefox, we were forced to always load content script via manifest definition. This meant no control over when it is loaded and no easy off switch. If `window.ipfs` was disabled via _Preferences_, it was throwing an Error on access, but remained in the scope. Mozilla added [`contentScripts`](https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/contentScripts/register) API in Firefox 59. The key difference between `tabs.executeScript` and `contentScripts` API is that the latter provides guarantee to execute before anything else on the page, passing [our synchronous smoke test](https://ipfs-shipyard.github.io/ipfs-companion/docs/examples/window.ipfs-fallback.html). ### Known Issues Chrome does not provide `contentScripts` API so it will continue to statically load `content_script` via manifest. Hopefully with time, other browser vendors will adopt the new API.
Great work so far on
window.ipfs
, it's amazing to have IPFS embedded directly in the pages without having to build or do anything! Looking forward to perfecting it.One issue I hit was with my test page from my previous experiments: https://github.com/VictorBjelkholm/js-ipfs-in-the-browser/blob/master/testpage.html
I've made two versions. One is the original which checks if
window.ipfs
is defined, and then does aipfs.id()
call. This does not work as thewindow.ipfs
has not been injected when that code is being executed. https://ipfs.io/ipfs/QmW9EQSoL4WSPXy8UwZJjJ7xmrhiEY4UzWZ85LYSvf3e4jA second version I made introduces a
setTimeout
of500
milliseconds. This one works, as the script has had time to inject and load the script before the code is being executed. https://ipfs.io/ipfs/QmY49HH5pABacU5gSdXB12vQim6U2oXrTVefD3oTMvRCQvIf you look at my previous example, I define in the
manifest.json
that the script should be injected at thedocument_start
(https://github.com/VictorBjelkholm/js-ipfs-in-the-browser/blob/de2bdc82d3dbe05060814ea94c666e6c3d290c76/manifest.json#L21), so pages will instantly be able to accesswindow.ipfs
web. I'm guessing ipfs-companion is not doing this, as we don't want to injectipfs.window
if the option is not turned on.My thinking is that we should rather go the
manifest.json
way, and inject the content-script always, but only do the expose if the option is turned on. This would solve the problem.The text was updated successfully, but these errors were encountered: