fix(origin): confirm paths redirect to subdomain #156
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This makes the Origin check more strict: after confirming subdomains
work, additional request for path is made, to confirm legacy paths are
redirected to expected subdomains.
Adding this test is necessary, because there are misconfigured gateways
that don't redirect /ipfs/{cid} paths to {cid}.ipfs.example.com
subdomains and return data from the root origin, effectively defeating
any Origin isolation provided by subdomains.
License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>
|
I can't review this code but the check you're describing makes perfect sense to me, thanks. My only request would be that CID we're using to test subdomain redirection not be static so a malicious/lazy gateway couldn't just bypass it with a basic redirect that doesn't even understand the protocol. |
|
Good idea @schomatis, however I've filled #157 for tracking that – dynamic CID complicate the app by an order of magnitude, and need to be tackled in separate PR, and I want to land this before that, as it's already better than old state. |
github-actions bot
pushed a commit
that referenced
this pull request
Apr 17, 2023
## 1.0.0 (2023-04-17) ### Features * /ipns/ check ([#313](#313)) ([10a5c13](10a5c13)) * add countly metrics ([#309](#309)) ([c727202](c727202)) * add cthd.icu ([#294](#294)) ([a2e0102](a2e0102)) * add https://ipfs.czip.it ([#374](#374)) ([f3dde51](f3dde51)) * add https://ipfs.joaoleitao.org ([#323](#323)) ([787f131](787f131)) * add ipfs.1-2.dev ([#169](#169)) ([c764ad6](c764ad6)) * add ipfs.drink.cafe ([#116](#116)) ([cc84899](cc84899)) * add ipfs.jpu.jp ([#348](#348)) ([b52b8c7](b52b8c7)) * add ipfs.litnet.work ([#222](#222)) ([1fd2e68](1fd2e68)) * add ipfs.pinksheep.whizzzkid.dev ([#326](#326)) ([d40a2c1](d40a2c1)) * add ipfs.soul-network.com ([#389](#389)) ([57fe04d](57fe04d)) * add nftstorage.link gateway ([#204](#204)) ([e588108](e588108)) * add Onion Gateway (TOR) fzdqwfb5ml56oadins5jpuhe6ki6bk33umri35p5kt2tue4fpws5efid.onion ([#212](#212)) ([01ff12f](01ff12f)) * add w3s.link gateway ([#288](#288)) ([000a26f](000a26f)) * country flags ([#96](#96)) ([84a31fe](84a31fe)) * Create CODEOWNERS ([#283](#283)) ([b62b41c](b62b41c)) * Deleted https://ipfs.czip.it ([#393](#393)) ([77d67a4](77d67a4)) * Implementing Trustless Server Checks ([#310](#310)) ([4a2c926](4a2c926)) * improved Origin detection via img tag ([#117](#117)) ([8407e80](8407e80)) * improved origin isolation check ([#148](#148)) ([abd4c1c](abd4c1c)) * Introducing Service Worker For Cache Busting ([#357](#357)) ([0536782](0536782)) * new gateway https://ipfs.tayfundogdas.me/ipfs ([#321](#321)) ([9d5b552](9d5b552)) * remove ipfs.foxgirl.dev ([#155](#155)) ([15fd028](15fd028)) * remove smartsignature.io ([#146](#146)) ([77b45b6](77b45b6)) * subdomain gateways and Origin isolation check ([#78](#78)) ([afcbffa](afcbffa)) * update geoip dataset (2020-10-13) ([4187738](4187738)) * update geoip dataset (2020-10-13) ([#115](#115)) ([782b66b](782b66b)) * use typescript ([#194](#194)) ([10958e6](10958e6)) ### Bug Fixes * ⏪ Reverting [#323](#323): ipfs.joaoleitao.org ([#394](#394)) ([b5bb34c](b5bb34c)) * **ci:** add empty commit to fix lint checks on master ([3ae6aa0](3ae6aa0)) * **ci:** skip test if no code changed ([#210](#210)) ([7d6d628](7d6d628)) * cleanup entries missing DNS A record ([#180](#180)) ([2b7ad30](2b7ad30)) * do not redirect IPNS checks ([#325](#325)) ([79bb51d](79bb51d)) * flag column and new ipfs-geoip dataset ([#319](#319)) ([f5fc723](f5fc723)) * metrics consent prompt location and styling ([#353](#353)) ([e709f2b](e709f2b)) * npm start should work without prior cmds ([#307](#307)) ([7ebe2e5](7ebe2e5)) * opt-out from redirects done by browser extension ([6dd5f51](6dd5f51)) * origin typo ([#200](#200)) ([d198abb](d198abb)) * **origin:** confirm paths redirect to subdomain ([#156](#156)) ([b837a35](b837a35)) * remove heart ([#332](#332)) ([f61ec84](f61ec84)) * update ipfs.ivoputzer.xyz gateway entry ([#152](#152)) ([4b760d9](4b760d9)) * update metrics collection banner to modal with management toggle settings ([#373](#373)) ([d925b36](d925b36)) * update redirect opt-out symbol to final version ([efd5dbf](efd5dbf)) ### Trivial Changes * **deps-dev:** bump aegir from 36.2.3 to 37.5.5 ([#305](#305)) ([1d62fc3](1d62fc3)) * **deps-dev:** bump aegir from 37.5.5 to 37.5.6 ([#316](#316)) ([d3cd9bd](d3cd9bd)) * **deps-dev:** bump browserslist from 4.19.3 to 4.21.4 ([#295](#295)) ([7850071](7850071)) * **deps-dev:** bump eslint-config-ipfs from 2.1.0 to 3.1.1 ([#300](#300)) ([f1bce91](f1bce91)) * **deps-dev:** bump eslint-config-ipfs from 3.1.1 to 3.1.2 ([#315](#315)) ([0506c19](0506c19)) * **deps-dev:** bump ipfs from 0.62.1 to 0.64.2 ([#296](#296)) ([d47e503](d47e503)) * **deps-dev:** bump ipfs from 0.64.2 to 0.65.0 ([#322](#322)) ([b400349](b400349)) * **deps-dev:** bump typescript from 4.6.2 to 4.8.3 ([#293](#293)) ([c56afa1](c56afa1)) * **deps-dev:** bump typescript from 4.8.3 to 4.8.4 ([#304](#304)) ([899b4fc](899b4fc)) * **deps:** bump @dutu/rate-limiter from v1.3.0 to v1.3.1 ([#299](#299)) ([5e598e8](5e598e8)) * **deps:** bump aegir from 36.1.3 to 36.2.3 ([#202](#202)) ([8fa5851](8fa5851)) * **deps:** bump jpeg-js from 0.4.3 to 0.4.4 ([#253](#253)) ([65f99f3](65f99f3)) * **deps:** ipfs-http-client@58.0.1 ([#308](#308)) ([1bcda7c](1bcda7c)) * improve submission/PR info ([#119](#119)) ([a238f3f](a238f3f)) * improved security notes ([#151](#151)) ([5893f35](5893f35)), closes [#148](#148) [/github.com//pull/151#issuecomment-857193370](https://github.com/ipfs//github.com/ipfs/public-gateway-checker/pull/151/issues/issuecomment-857193370) * ipfs-geoip v5 ([0d8091e](0d8091e)) * ipfs-geoip@8.0.0 ([c4e8180](c4e8180)) * readme cleanup ([798777e](798777e)) * remove dead hostnames ([#280](#280)) ([e861280](e861280)) * remove expired domains ([#179](#179)) ([16c9985](16c9985)) * remove ipfs-zod.tv ([#234](#234)) ([6f79a80](6f79a80)) * removed birds-are-nice.me ([#173](#173)) ([ff2e05c](ff2e05c)), closes [#172](#172) * removing my gateway for now ([#335](#335)) ([cf61e68](cf61e68)) * style formatting and linting fixes ([#366](#366)) ([a81d48b](a81d48b)) * Update .github/workflows/stale.yml [skip ci] ([5fc4a68](5fc4a68)) * update readme with link to fleek ([#337](#337)) ([3dc5dbe](3dc5dbe))
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR makes the Origin check more strict: after confirming subdomains work, additional request for path is made, to confirm legacy paths are redirected to expected subdomains.
Adding this test is necessary, because there are misconfigured gateways that don't redirect /ipfs/{cid} paths to {cid}.ipfs.example.com subdomains and return data from the root origin, effectively defeating any Origin isolation provided by subdomains. 🙈
This fix will incentivize gateway operators to fix such misconfigurations + inform users about real risks.
cc @schomatis fyi an example of misconfigured gateway:
TLDR: This PR correctly shows⚠️ next to
ipfs.drink.cafe:)