feat: improved Origin detection via img tag #117
Conversation
This normalizes gateways.json list to use canonical path-based notation, and changes the way we detect Origin support. We now are doing real network-based test: we try to fetch 1x1 png image, so the test will work even when CORS is not set up, or when JS request is blocked by browser/extensions like Privacy Badger. License: MIT Signed-off-by: Marcin Rataj <lidel@lidel.org>
| "https://ipfs.2read.net/ipfs/:hash", | ||
| "https://storjipfs-gateway.com/ipfs/:hash", | ||
| "https://ipfs.runfission.com/ipfs/:hash", | ||
| "https://trusti.id/ipfs/:hash", | ||
| "https://:hash.ipfs.cosmos-ink.net", |
There was a problem hiding this comment.
I've reached out to @LinusCDE, and we are working on a fix, but for now its better to remove it to reduce confusion.
We will add it back when it supports proper subdomain isolation and interop with path-gateways
There was a problem hiding this comment.
Good idea. Something came up, so it's good to remove it for now. I'll try to address it tomorrow.
Would a redirect from https://cosmos-ink.net/ipfs/<cid> and https://ipfs.cosmos-ink.net/ipfs/<cid> to https://<cid>.ipfscosmos-ink.net/ to the trick?
What about the IPNS? Same for that?
There was a problem hiding this comment.
Yes, redirects will work (ideally, redirect returned by go-ipfs, because that gives you CID conversion for free)
For ipns you could use https://<libp2p-key>.ipns.cosmos-ink.net/
There was a problem hiding this comment.
@lidel I've now added a rule that should fix that.
if ($request_uri ~ ^/(?<prefix>ipfs|ipns)/(?<full_path>(?<cid_1>.*?)(?=/)(?<cid_1_path>/?.*)|(?<cid_2>.*))$) {
# Either $cid_1 or $cid_2 will be empty. When $cid_1 is used, $cid_1_path is not empty as well
return 301 "https://$cid_1$cid_2.$prefix.cosmos-ink.net$cid_1_path";
}
This nginx rule is applied to ipfs.cosmos-ink.net, ipns.cosmos-ink.net, cosmos-ink.net.
Basicially for any path like https://(ipfs.)cosmos-ink.net/ipfs/<cid>/<otherstuff> I 301 it to https://<cid>.ipfs.cosmos-ink.net/<otherstuff>. Same goes for ipns.
I also added your PublicGateway suggestion from your second mail.
ideally, redirect returned by go-ipfs, because that gives you CID conversion for free
Running it on my Pi (cosmos-ink.net main domain) would be probably more trouble at this point, because I would need to rebuild the docker-image for armv7 or aarch64 support. But for any conversion that isn't https://(ipfs|ipns).cosmos-ink.net/(ipfs/ipns)/..., go-ipfs can feel free to convert that.
For the ipfs/ipns subdomains I also added two entries to prevent using that redirection rule when the cid is already in the subdomain (to allow https://<cid>.ipfs.cosmos-ink.net/ipfs/... in case ipfs web apps have a directory called "ipfs").
Could you check whether it now works as expected? I'll probably then create a PR to re-add the entry.
There was a problem hiding this comment.
It works fine for CIDv1, but redirect alone is not enough if someone passes CIDv0.
To illustrate, if you open https://cosmos-ink.net/ipfs/QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR it should redirect to https://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.cosmos-ink.net/
(go-ipfs takes care of CID conversion, without the cid conversion the Qm.. CIDv0 will be force-lowercased and fail).
ps. Do you mind commenting in ipfs/kubo#4931 regarding the need for docker image working out of the box on rpi?
|
Would it be possible to add alt text for origin isolation to disambiguate what the padlock means? I don't want to imply too much security. |
License: MIT Signed-off-by: Marcin Rataj <lidel@lidel.org>
|
Good point. I don't think alt text is enough to clear this up. |
| // this is more robust check than loading js, as it won't be blocked | ||
| // by privacy protections present in modern browsers or in extensions such as Privacy Badger | ||
| const imgCheckTimeout = 15000 | ||
| return new Promise((resolve, reject) => { |
There was a problem hiding this comment.
load events + timers + promises is some sticky business...
There was a problem hiding this comment.
indeed: entire app.js needs to be re-written from scratch in modern JS (painfully needs rate-limiting via execution queues, similar to ones we have in js-libp2p-delegated-*)
@jessicaschilling just like with cid.ipfs.io, we should rewrite this app (both backend and frontend) at some point (2021 Q1/Q2-ish?)
License: MIT Signed-off-by: Marcin Rataj <lidel@lidel.org>
## 1.0.0 (2023-04-17) ### Features * /ipns/ check ([#313](#313)) ([10a5c13](10a5c13)) * add countly metrics ([#309](#309)) ([c727202](c727202)) * add cthd.icu ([#294](#294)) ([a2e0102](a2e0102)) * add https://ipfs.czip.it ([#374](#374)) ([f3dde51](f3dde51)) * add https://ipfs.joaoleitao.org ([#323](#323)) ([787f131](787f131)) * add ipfs.1-2.dev ([#169](#169)) ([c764ad6](c764ad6)) * add ipfs.drink.cafe ([#116](#116)) ([cc84899](cc84899)) * add ipfs.jpu.jp ([#348](#348)) ([b52b8c7](b52b8c7)) * add ipfs.litnet.work ([#222](#222)) ([1fd2e68](1fd2e68)) * add ipfs.pinksheep.whizzzkid.dev ([#326](#326)) ([d40a2c1](d40a2c1)) * add ipfs.soul-network.com ([#389](#389)) ([57fe04d](57fe04d)) * add nftstorage.link gateway ([#204](#204)) ([e588108](e588108)) * add Onion Gateway (TOR) fzdqwfb5ml56oadins5jpuhe6ki6bk33umri35p5kt2tue4fpws5efid.onion ([#212](#212)) ([01ff12f](01ff12f)) * add w3s.link gateway ([#288](#288)) ([000a26f](000a26f)) * country flags ([#96](#96)) ([84a31fe](84a31fe)) * Create CODEOWNERS ([#283](#283)) ([b62b41c](b62b41c)) * Deleted https://ipfs.czip.it ([#393](#393)) ([77d67a4](77d67a4)) * Implementing Trustless Server Checks ([#310](#310)) ([4a2c926](4a2c926)) * improved Origin detection via img tag ([#117](#117)) ([8407e80](8407e80)) * improved origin isolation check ([#148](#148)) ([abd4c1c](abd4c1c)) * Introducing Service Worker For Cache Busting ([#357](#357)) ([0536782](0536782)) * new gateway https://ipfs.tayfundogdas.me/ipfs ([#321](#321)) ([9d5b552](9d5b552)) * remove ipfs.foxgirl.dev ([#155](#155)) ([15fd028](15fd028)) * remove smartsignature.io ([#146](#146)) ([77b45b6](77b45b6)) * subdomain gateways and Origin isolation check ([#78](#78)) ([afcbffa](afcbffa)) * update geoip dataset (2020-10-13) ([4187738](4187738)) * update geoip dataset (2020-10-13) ([#115](#115)) ([782b66b](782b66b)) * use typescript ([#194](#194)) ([10958e6](10958e6)) ### Bug Fixes * ⏪ Reverting [#323](#323): ipfs.joaoleitao.org ([#394](#394)) ([b5bb34c](b5bb34c)) * **ci:** add empty commit to fix lint checks on master ([3ae6aa0](3ae6aa0)) * **ci:** skip test if no code changed ([#210](#210)) ([7d6d628](7d6d628)) * cleanup entries missing DNS A record ([#180](#180)) ([2b7ad30](2b7ad30)) * do not redirect IPNS checks ([#325](#325)) ([79bb51d](79bb51d)) * flag column and new ipfs-geoip dataset ([#319](#319)) ([f5fc723](f5fc723)) * metrics consent prompt location and styling ([#353](#353)) ([e709f2b](e709f2b)) * npm start should work without prior cmds ([#307](#307)) ([7ebe2e5](7ebe2e5)) * opt-out from redirects done by browser extension ([6dd5f51](6dd5f51)) * origin typo ([#200](#200)) ([d198abb](d198abb)) * **origin:** confirm paths redirect to subdomain ([#156](#156)) ([b837a35](b837a35)) * remove heart ([#332](#332)) ([f61ec84](f61ec84)) * update ipfs.ivoputzer.xyz gateway entry ([#152](#152)) ([4b760d9](4b760d9)) * update metrics collection banner to modal with management toggle settings ([#373](#373)) ([d925b36](d925b36)) * update redirect opt-out symbol to final version ([efd5dbf](efd5dbf)) ### Trivial Changes * **deps-dev:** bump aegir from 36.2.3 to 37.5.5 ([#305](#305)) ([1d62fc3](1d62fc3)) * **deps-dev:** bump aegir from 37.5.5 to 37.5.6 ([#316](#316)) ([d3cd9bd](d3cd9bd)) * **deps-dev:** bump browserslist from 4.19.3 to 4.21.4 ([#295](#295)) ([7850071](7850071)) * **deps-dev:** bump eslint-config-ipfs from 2.1.0 to 3.1.1 ([#300](#300)) ([f1bce91](f1bce91)) * **deps-dev:** bump eslint-config-ipfs from 3.1.1 to 3.1.2 ([#315](#315)) ([0506c19](0506c19)) * **deps-dev:** bump ipfs from 0.62.1 to 0.64.2 ([#296](#296)) ([d47e503](d47e503)) * **deps-dev:** bump ipfs from 0.64.2 to 0.65.0 ([#322](#322)) ([b400349](b400349)) * **deps-dev:** bump typescript from 4.6.2 to 4.8.3 ([#293](#293)) ([c56afa1](c56afa1)) * **deps-dev:** bump typescript from 4.8.3 to 4.8.4 ([#304](#304)) ([899b4fc](899b4fc)) * **deps:** bump @dutu/rate-limiter from v1.3.0 to v1.3.1 ([#299](#299)) ([5e598e8](5e598e8)) * **deps:** bump aegir from 36.1.3 to 36.2.3 ([#202](#202)) ([8fa5851](8fa5851)) * **deps:** bump jpeg-js from 0.4.3 to 0.4.4 ([#253](#253)) ([65f99f3](65f99f3)) * **deps:** ipfs-http-client@58.0.1 ([#308](#308)) ([1bcda7c](1bcda7c)) * improve submission/PR info ([#119](#119)) ([a238f3f](a238f3f)) * improved security notes ([#151](#151)) ([5893f35](5893f35)), closes [#148](#148) [/github.com//pull/151#issuecomment-857193370](https://github.com/ipfs//github.com/ipfs/public-gateway-checker/pull/151/issues/issuecomment-857193370) * ipfs-geoip v5 ([0d8091e](0d8091e)) * ipfs-geoip@8.0.0 ([c4e8180](c4e8180)) * readme cleanup ([798777e](798777e)) * remove dead hostnames ([#280](#280)) ([e861280](e861280)) * remove expired domains ([#179](#179)) ([16c9985](16c9985)) * remove ipfs-zod.tv ([#234](#234)) ([6f79a80](6f79a80)) * removed birds-are-nice.me ([#173](#173)) ([ff2e05c](ff2e05c)), closes [#172](#172) * removing my gateway for now ([#335](#335)) ([cf61e68](cf61e68)) * style formatting and linting fixes ([#366](#366)) ([a81d48b](a81d48b)) * Update .github/workflows/stale.yml [skip ci] ([5fc4a68](5fc4a68)) * update readme with link to fleek ([#337](#337)) ([3dc5dbe](3dc5dbe))
This PR:
normalizes
gateways.jsonlist to use canonical path-based notationchanges the way we detect Origin support by doing a robust check
.js(and always looked offline before)adds padlock to gateways that have Origin isolation, as a soft incentive to provide it:
Distributes the number of checks page does at the same time in the background