-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
core/corehttp: wrap gateway with headers, deprecate gateway /api/v0 #10311
Conversation
hacdias
commented
Jan 19, 2024
•
edited
Loading
edited
- Merge gateway: extract CORS to headers middleware boxo#569.
- Update to Boxo main
eb1fdb0
to
16db5fc
Compare
Note: the way we built our muxer is making this a bit more complicated than I expected. If we wrap the hostname option with the headers middelware, than all requests will have the headers, including the API and so forth. I have to take a look to see what is the best/most feasible way of implementing this. |
Conversation with @lidel:
|
16db5fc
to
446beee
Compare
ffeee17
to
7923549
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, thank you for cleaning this up ❤️
This simplifies handling of /api/v0 on the gateway port, which we want to remove anyway (and only expose on RPC API port), so no concerns.
In case someone reads this and is confused what is happening in this PR: this is just a cleanup that makes boxo/gateway
more flexible. We track missing specs in ipfs/specs#423. For Kubo user there is no functional difference, in both cases end user hitting /api/v0 gets 403 response for non-localhost CORS request:
Before
$ curl -i "http://127.0.0.1:8080/api/v0/resolve?arg=/ipns/ipfs.tech" -H "Origin: https://example.com"
HTTP/1.1 403 Forbidden
Content-Type: text/plain; charset=utf-8
Vary: Origin
X-Content-Type-Options: nosniff
Date: Tue, 23 Jan 2024 18:47:00 GMT
Content-Length: 16
403 - Forbidden
After
curl -i "http://127.0.0.1:8080/api/v0/resolve?arg=/ipns/ipfs.tech" -H "Origin: https://example.com" ~
HTTP/1.1 403 Forbidden
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Headers: Range
Access-Control-Allow-Headers: User-Agent
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: GET
Access-Control-Allow-Methods: HEAD
Access-Control-Allow-Methods: OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Access-Control-Expose-Headers: Content-Range
Access-Control-Expose-Headers: X-Chunked-Output
Access-Control-Expose-Headers: X-Ipfs-Path
Access-Control-Expose-Headers: X-Ipfs-Roots
Access-Control-Expose-Headers: X-Stream-Output
Content-Type: text/plain; charset=utf-8
Link: <https://github.com/ipfs/kubo/issues/10312>; rel="deprecation"; type="text/html"
Vary: Origin
X-Content-Type-Options: nosniff
Date: Tue, 23 Jan 2024 18:44:52 GMT
Content-Length: 16
403 - Forbidden
Co-authored-by: Marcin Rataj <lidel@lidel.org>
Co-authored-by: Marcin Rataj <lidel@lidel.org>
e6ab458
to
d739b5f
Compare