Adds scoped permissions #386
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alanshaw
force-pushed
the
feat/scoped-permissions
branch
from
211b372 to
930bf98
Compare
alanshaw
force-pushed
the
feat/scoped-permissions
branch
from
930bf98 to
7737081
Compare
…allows scroll if > 3 lines
Bundled page loaded using browser.windows.create won't show contents unless resized. See https://bugzilla.mozilla.org/show_bug.cgi?id=1402110
lidel
approved these changes
Feb 20, 2018
|
While I was at it, I made ACL dialog work on Android too ✨ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🎥 https://youtu.be/v6wuFRDKVBU
This PR introduces scope based permissions - following a similar implementation as service worker registration scopes.
This means that allowing access to:
https://ipfs.io/ipfs/QmQxeMcbqW9npq5h5kyE2iPECR9jxJF4j5x4bSRQ2phLY4/
will allow access to:
https://ipfs.io/ipfs/QmQxeMcbqW9npq5h5kyE2iPECR9jxJF4j5x4bSRQ2phLY4/path/to/something
...but not:
https://ipfs.io/ipfs/QmWfVY9y3xjsixTgbd9AorQxH7VtMpzfx2HaWtsoUYecaX
or other hashes.
resolves #375
Scopes
Permissions are scoped to the origin and path (and sub-paths) of the file from which the permission was requested.
Scoped permissions in
window.ipfswork similarly to how they work for service worker registrations except that the user cannot control the scope, and it is set to the origin and path from which the permission was requested.Scope based permissions allow applications running on an IPFS gateway to be granted different permissions. Consider the following two web sites running on the ipfs.io gateway:
With same-origin policy these two applications would be granted the same permissions. With scoped permissions, these applications will be given a different set of permissions.
e.g.
files.addtohttps://domain.com/files.addto:https://domain.com/filehttps://domain.com/file2.htmlhttps://domain.com/sub/pathshttps://domain.com/sub/paths/filesfiles.addtohttps://domain.com/featurefiles.addto:https://domain.com/feature/filehttps://domain.com/feature/file2.htmlhttps://domain.com/feature/sub/pathshttps://domain.com/feature/sub/paths/fileshttps://domain.com/featuresearch/sub/paths/files(note substring)https://domain.com/features.html(note substring)files.addto:https://domain.com/https://domain.com/files