Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: allow ipfs-companion browser extension to access RPC API #8690

Merged
merged 2 commits into from
Mar 16, 2022
Merged

fix: allow ipfs-companion browser extension to access RPC API #8690

merged 2 commits into from
Mar 16, 2022

Conversation

meandavejustice
Copy link
Contributor

@meandavejustice
Copy link
Contributor Author

cc/ @lidel

@BigLep BigLep requested a review from lidel March 10, 2022 08:16
@BigLep BigLep added this to the Best Effort Track milestone Mar 10, 2022
@meandavejustice meandavejustice force-pushed the feat/add-companion-id-to-allowed-origins branch from a565133 to 7978e05 Compare March 16, 2022 17:07
@meandavejustice
fix: add companion ids to allow origins
c48b612 
- fixes ipfs#8689
- Adds the chrome-extension ids for ipfs-companion and
ipfs-companion-beta to the allowed origins list, this
allows us to accesss ipfs api from a manifest v3 extension.
- added tests in t0401-api-browser-security.sh
@meandavejustice meandavejustice force-pushed the feat/add-companion-id-to-allowed-origins branch from 7978e05 to c48b612 Compare March 16, 2022 17:12
@lidel lidel modified the milestones: Best Effort Track, go-ipfs 0.13 Mar 16, 2022
@lidel lidel changed the title fix: add companion ids to allow origins fix: allow ipfs-companion browser extension to access RPC API Mar 16, 2022
lidel
lidel approved these changes Mar 16, 2022
View reviewed changes
Copy link
Member

@lidel lidel left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I'll add tests to confirm this still works when one defined own CORS safelist.

This ensures we don't break common use cases:

  • users of ipfs-desktop: it adds own CORS entries
  • users of webui.ipfs.io (bleeding edge version) who manually added it to CORS safelist
  • webui developers, who safelist localhost Origins for local dev

@lidel
fix: companion when custom CORS *-Origin is set
994ef08 
Companion extension should be able to access RPC API even when custom
Access-Control-Allow-Origin is set
@lidel lidel force-pushed the feat/add-companion-id-to-allowed-origins branch from 35ac0b2 to 994ef08 Compare March 16, 2022 22:51
@lidel lidel merged commit 6774ef9 into ipfs:master Mar 16, 2022
@meandavejustice meandavejustice deleted the feat/add-companion-id-to-allowed-origins branch March 17, 2022 00:00
@lidel lidel mentioned this pull request Mar 21, 2022
Closed
@lidel lidel mentioned this pull request Oct 19, 2022
Closed
@whizzzkid whizzzkid mentioned this pull request Dec 21, 2022
Merged
9 tasks
@lidel lidel mentioned this pull request Feb 22, 2023
Open
@whizzzkid whizzzkid mentioned this pull request Mar 15, 2023
Closed
13 tasks
@lidel lidel mentioned this pull request Aug 21, 2023
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lidel lidel lidel approved these changes

Assignees

@meandavejustice meandavejustice

Labels
None yet
Projects
No open projects
IPFS Shipyard Team
Archived in project
Milestone
go-ipfs 0.13
Development

Successfully merging this pull request may close these issues.

Add ipfs-companion chrome extension id to accepted origins for future manifest v3 version
3 participants
@meandavejustice @lidel @BigLep