Redirect gateway-like urls to ipfs:// #15204
Conversation
cypt4
force-pushed
the
brave_21454_1
branch
2 times, most recently
from
0434c69 to
a160422
Compare
| std::vector<std::string> host_parts = base::SplitStringUsingSubstr( | ||
| url.host(), ".", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); | ||
|
|
||
| if (host_parts.size() > 2 && IsValidCID(host_parts.at(0)) && |
There was a problem hiding this comment.
having an example of what original url transforms to which final url would be handy
|
I'd suggest to ask someone from the sec team to look at the parsing code |
Opened sec review https://github.com/brave/security/issues/1063 |
| @@ -104,25 +109,19 @@ int OnHeadersReceived_IPFSRedirectWork( | |||
| if (ctx->ipfs_auto_fallback && !api_gateway && response_headers && | |||
| response_headers->GetNormalizedHeader("x-ipfs-path", &ipfs_path) && | |||
There was a problem hiding this comment.
does ipfs_path still get used anywhere?
There was a problem hiding this comment.
It is used as the marker in this case, content isn't used
|
/build linux |
|
/build macos |
Resolves brave/brave-browser#21454 Urls in format of https://bafy.ipfs.gateway.io or https://gateway.io/ipfs/bafy are now redirected to ipfs:// scheme if x-ipfs-path header is received
| @@ -94,6 +95,13 @@ int OnHeadersReceived_IPFSRedirectWork( | |||
| std::shared_ptr<brave::BraveRequestInfo> ctx) { | |||
| if (!ctx->browser_context) | |||
| return net::OK; | |||
|
|
|||
| // Auto-redirect gateway-like urls is enabled only for top-level frames | |||
| // To avoid mixed content corner cases. | |||
|
|
||
| if (host_parts.size() > 2 && IsValidCID(host_parts.at(0)) && | ||
| host_parts.at(1) == "ipfs") { | ||
| GURL final_url = GURL("ipfs://" + host_parts.at(0) + url.path()); |
There was a problem hiding this comment.
you're redirecting http/https to an ipfs url? I don't think that is the correct way to handle this, you should be using url rewriting to display ipfs as the virtual url
There was a problem hiding this comment.
this is the reverse of what we do when someone enters ipfs:// in the urlbar
There was a problem hiding this comment.
We are checking the response header at the moment
There was a problem hiding this comment.
so this redirects any gateway url? I don't think we should be doing that. If I explicitly enter an ipfs url that uses a different gateway than what I have configured, it should not redirect to my configured gateway. I thought this was only to display ipfs for any urls that matched the configured gateway which can be done with the rewriter.
There was a problem hiding this comment.
so this redirects any gateway url? I don't think we should be doing that. If I explicitly enter an ipfs url that uses a different gateway than what I have configured, it should not redirect to my configured gateway. I thought this was only to display ipfs for any urls that matched the configured gateway which can be done with the rewriter.
Nope, this is about reusing configured gateway to load IPFS resources.
Automatically uses the configured gateway for IPFS resolutions when an IPFS gateway resource is encountered.
As for the manual url input i'll discuss it, maybe this should be exclusion.
Resolves brave/brave-browser#21454 Urls in format of https://bafy.ipfs.gateway.io or https://gateway.io/ipfs/bafy are now redirected to ipfs:// scheme if x-ipfs-path header is received
Sec review https://github.com/brave/security/issues/1063
Resolves
Submitter Checklist:
QA/YesorQA/No;release-notes/includeorrelease-notes/exclude;OS/...) to the associated issuenpm run test -- brave_browser_tests,npm run test -- brave_unit_tests,npm run lint,npm run gn_check,npm run tslintgit rebase master(if needed)Reviewer Checklist:
gnAfter-merge Checklist:
changes has landed on
Test Plan:
"Redirect IPFS resources to the configured IPFS gateway" setting should open ipfs:// urls and, so, should work with IPFS resolve method "ASK"