-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sites under public gateways list can't make XHR request #45
Comments
Indeed: I've put a breakpoint in the We probably need to dig into jQuery internals to understand this better, (For future reference: jQuery used by http://bin.kubuxu.ovh is v1.7.1) |
Also the request is not even sent (I Wireshark'ed it). |
Ok, I (probably) know what is happening. Doing XHR request with gateway redirect enabled is effectively doing cross-domain scripting. Firefox protects users from XSS and executes requests like this only if target server is explicitly configured to accept them. It is indicated via CORS headers and what Firefox does here it to issue I have go-ipfs v0.3.11-dev and it does not support
What is more, CORS headers are also missing in gateway responses:
It is a known issue and was mentioned in ipfs/kubo#1215 (comment) and ipfs/kubo#934 (comment). So it is not a bug in Addon/Firefox, but the default behaviour of IPFS Gateway. 😧 Running writable gateway with CORS headers is supported by go-ipfs, but you need to enable it manually:
Then restart the daemon. Sadly,
I'll pursue it further, perhaps we need add |
👍 |
OPTIONS support fixed upstream. |
I have site http://bin.kubuxu.ovh, its A records are same as ipfs.io. If I add it to the public gateways list XHR request to
/ipfs/[some hash]
fails because it is rerouted to local gateway which breaks AJAX somehow. In my case solution would be to redirect site to:http://localhost:8080/ipns/bin.kubuxu.ovh/
then XHR will be allowed to fetch data from/ipfs/...
.The solution for this problem might be tricky as for example http://ipfs.pics has to make requests to severs itself (it does not have dnslink).
The text was updated successfully, but these errors were encountered: