[Security] Require IPFS Gateways with Origin isolation #16999
Verified

| Brave | 1.30.42 Chromium: 93.0.4577.51 (Official Build) nightly (x86_64) |
|---|---|
| Revision | 762d21050e2da59930c784c09b134d0b0b148188-refs/branch-heads/4577@{#915} |
| OS | macOS Version 11.5.2 (Build 20G95) |

Steps:
- new profile
- launched Brave
- opened brave://settings/ipfs
- input the following expected allowed values and confirmed they were accepted
  - https://localhost:48081
  - https://dweb.link/
  - https://cf-ipfs.com/ (filed "Unable to input/use https://cf-ipfs.com subdomain gateway" #17648)
- input the following disallowed values and confirmed they were rejected
  - http://127.0.0.1:48081
  - https://ipfs.io
  - https://cloudflare-ipfs.com

Allowed values

| https://localhost:48081 | https://dweb.link/ | https://cf-ipfs.com/ |
|---|---|---|
| | | N/A; see #17648 |

Disallowed values

| http://127.0.0.1:48081 | https://ipfs.io | https://cloudflare-ipfs.com |
|---|---|---|
Verified PASSED using

| Brave | 1.30.66 Chromium: 93.0.4577.63 (Official Build) dev (64-bit) |
|---|---|
| Revision | ff5c0da2ec0adeaed5550e6c7e98417dac77d98a-refs/branch-heads/4577@{#1135} |
| OS | Linux |

Steps:
- new profile
- launched Brave
- opened brave://settings/ipfs
- input the following expected allowed values and confirmed they were accepted
  - http://localhost:48082
  - https://dweb.link/
  - https://cf-ipfs.com/ (filed "Unable to input/use https://cf-ipfs.com subdomain gateway" #17648)
- input the following disallowed values and confirmed they were rejected
  - http://127.0.0.1:48081
  - https://ipfs.io
  - https://cloudflare-ipfs.com

Allowed values

| http://localhost:48082 | https://dweb.link/ | https://cf-ipfs.com/ |
|---|---|---|
| | | N/A; see #17648 |

Disallowed values

| http://127.0.0.1:48082 | https://ipfs.io | https://cloudflare-ipfs.com |
|---|---|---|
Verification passed on

| Brave | 1.30.68 Chromium: 93.0.4577.63 (Official Build) beta (64-bit) |
|---|---|
| Revision | ff5c0da2ec0adeaed5550e6c7e98417dac77d98a-refs/branch-heads/4577@{#1135} |
| OS | Windows 10 OS Version 2009 (Build 19043.1165) |

Steps:
- new profile
- launched Brave
- opened brave://settings/ipfs
- input the following expected allowed values and confirmed they were accepted
  - https://localhost:48081 (logged "Invalid gateway address message is shown when https://localhost:{any port} is set in IPFS gateway" #17966)
  - https://dweb.link/
  - https://cf-ipfs.com/ (encountered "Unable to input/use https://cf-ipfs.com subdomain gateway" #17648)
- input the following disallowed values and confirmed they were rejected
  - http://127.0.0.1:48081
  - https://ipfs.io
  - https://cloudflare-ipfs.com

Allowed values

| http://localhost:48083 | https://dweb.link/ | https://cf-ipfs.com/ |
|---|---|---|

Disallowed values

| http://127.0.0.1:48083 | https://ipfs.io | https://cloudflare-ipfs.com |
|---|---|---|
Removing Android label from this one as Android only uses public gateway as of now. Can create a new issue when Android supports custom gateways.
Not sure if this issue should be reopened or if I should report a new one. I'm in the position where I want to run a local IPFS node in my local network but not on my local machine. The reason here is multiple PCs in the same network and I want them all to use the same single IPFS node in the network. Currently Brave forbids setting my local network machine as gateway. In my case I can easily work around it by just making an ssh tunnel: But is this really necessary? Do I really have to go through these hoops to get a local node working where for example dweb.link just works?
Yes, this is necessary. What you are describing is not a limitation of IPFS or Brave, but the basic security limitation of the web platform. Origin isolation is required in Brave, so you need to use
Running a plaintext Gateway in your LAN means it will have a non-localhost address, so you need to set up self-signed TLS to ensure your browsing history can't be monitored or spoofed by a malicious device in your LAN. If you have
Depending on the gateway implementation this check seems a bit too strict: We have set up our IPFS gateway using a subdomain afaict this isn't in violation of the Subdomain Gateway Specification and should therefore be allowed. Please correct me if otherwise.
I have the same problem as @friedemannf - If I put https://ipfs.my.network I get the Origin Isolation error and I can see the request come in as
When a public IPFS gateway is used in a browser context, it should ALWAYS provide origin isolation.
Brave allows user to customize public gateway address via settings:
We need to add validation when user submits alternative URL of the gateway:
Brave must validate it is safe for use in browsers and correctly resolves CIDs:
- {protocol}://{URL.host}/ipfs/bafkqae2xmvwgg33nmuqhi3zajfiemuzahiwss
- {protocol}://bafkqae2xmvwgg33nmuqhi3zajfiemuzahiwss.ipfs.{URL.host}
- Welcome to IPFS :-)

cc @diracdeltas @bbondy @spylogsster – I feel this is pretty important to add, protects Brave and IPFS from bad security+PR incidents due to people using insecure gateways.
Test cases
- http://localhost:{any port}/ is a subdomain gateway from a local IPFS node
- https://dweb.link/ is a subdomain gateway from Protocol Labs
- https://cf-ipfs.com/ is a subdomain gateway from Cloudflare
- http://127.0.0.1:{any port}/ is a path gateway from a local IPFS node (no origin isolation)
- https://ipfs.io is a legacy path gateway from Protocol Labs
- https://cloudflare-ipfs.com is a legacy path gateway from Cloudflare
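
The validation requested in the issue, as an added example (not Brave's implementation and not part of the original issue). It assumes the check is: request the path URL, require that the response ends up on the `{CID}.ipfs.{host}` origin with the same scheme, and require the expected payload. The names `buildProbe` and `validateGateway`, the `probeResult` shape and the reason strings are hypothetical.

```javascript
// Added example, not Brave's implementation.
const TEST_CID = 'bafkqae2xmvwgg33nmuqhi3zajfiemuzahiwss'; // CID from the issue
const EXPECTED_BODY = 'Welcome to IPFS :-)';               // payload from the issue

// Build the path-style probe URL and the host an origin-isolating gateway
// must end up serving from: {CID}.ipfs.{URL.host}.
function buildProbe(gatewayInput) {
  const gw = new URL(gatewayInput);
  if (gw.protocol !== 'http:' && gw.protocol !== 'https:') {
    throw new Error(`unsupported scheme: ${gw.protocol}`);
  }
  return {
    protocol: gw.protocol,
    pathUrl: `${gw.protocol}//${gw.host}/ipfs/${TEST_CID}`,
    isolatedHost: `${TEST_CID}.ipfs.${gw.host}`,
  };
}

// probeResult = { finalUrl, body }: what an HTTP client saw after following
// redirects from pathUrl. The shape and reason strings are assumptions.
function validateGateway(gatewayInput, probeResult) {
  let probe, final;
  try {
    probe = buildProbe(gatewayInput);
    final = new URL(probeResult.finalUrl);
  } catch (err) {
    return { ok: false, reason: 'invalid-url' };
  }
  // Same scheme, and content served from the per-CID subdomain origin.
  if (final.protocol !== probe.protocol || final.host !== probe.isolatedHost) {
    return { ok: false, reason: 'no-origin-isolation' };
  }
  if (String(probeResult.body).trim() !== EXPECTED_BODY) {
    return { ok: false, reason: 'wrong-payload' };
  }
  return { ok: true, reason: 'subdomain-gateway' };
}

// Constructed probe results (no network) modelling two of the issue's test cases.
const SAMPLES = [
  ['https://dweb.link/', { finalUrl: `https://${TEST_CID}.ipfs.dweb.link/`, body: EXPECTED_BODY }],
  ['https://ipfs.io', { finalUrl: `https://ipfs.io/ipfs/${TEST_CID}`, body: EXPECTED_BODY }],
];
for (const [gateway, result] of SAMPLES) {
  console.log(gateway, validateGateway(gateway, result));
}
```

A path gateway that returns the correct payload still fails here, because the content is served from the shared gateway origin rather than a per-CID one.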