Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: improved security notes #151

Merged
merged 4 commits into from
Jun 9, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 12 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,18 +4,28 @@

View the Public Gateway Checker on GitHub Pages: https://ipfs.github.io/public-gateway-checker/

[![Screenshot of Public Gateway Checker](https://gateway.ipfs.io/ipfs/QmZBvMaV3EBtuUB4yGD5gGJwmEyePpk2sWjvPEoLJKcH5D)](https://ipfs.github.io/public-gateway-checker/)
[![Screenshot of Public Gateway Checker](https://user-images.githubusercontent.com/157609/121263486-f7fb2800-c8b5-11eb-9061-0b6f586a6f25.png)](https://ipfs.github.io/public-gateway-checker/)


## SECURITY NOTES

- The list contains gateways operated by various parties, coordinated by loose mutual consensus, without a central governing authority. Protocol Labs operates and is responsible for only two of the listed gateways: `ipfs.io` and `dweb.link`.
- Gateways without origin isolation will be marked with ⚠️, indicating they are not safe for use cases that require private local storage of data or credentials. [Learn more](https://github.com/ipfs/public-gateway-checker/issues/150).
>>>>>>> 3cd5478 (docs: improved security notes)

**NOTE:** With the exception of `ipfs.io` and `dweb.link`, all gateways listed are hosted by third parties and should be treated as such.

## Adding a new public gateway

lidel marked this conversation as resolved.
Show resolved Hide resolved

If you'd like to add a new public gateway, please edit `gateways.json`:
1. Add the gateway's address to the bottom of the list
2. Make sure the final item in the list does **not** have a comma at the end, but all preceding items do
3. If you care about security of websites loaded via your gateway, make sure it is set up as a [subdomain gateway](https://docs.ipfs.io/how-to/address-ipfs-on-web/#subdomain-gateway). See [config docs](https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#gatewaypublicgateways) and [recipes](https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#gateway-recipes) for go-ipfs, and [learn more here](https://github.com/ipfs/public-gateway-checker/issues/150).

Then, submit a pull request for this change. Be sure to follow all the directions in the pull request template so your PR can be triaged as quickly as possible.



## Testing locally

```console
Expand Down
15 changes: 12 additions & 3 deletions index.html
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,18 @@ <h1 class='f3 fw2 montserrat aqua ttu ma0'>Public Gateways</h1>
</header>

<div class="ph4-l pt4-l">
<div id="origin-warning" class="f5 pb2">
<strong>Security disclaimer:</strong> avoid storing sensitive data (or providing credentials) on websites loaded via gateways marked with <big>⚠️ </big><br/>
These are legacy gateways for fetching standalone data, not designed to serve dapps/websites (<strong>they do not provide <a href="https://docs.ipfs.io/how-to/address-ipfs-on-web/#path-gateway">origin isolation</a></strong>).
<div id="origin-warning" class="f5 pa2 tl">
<p>SECURITY NOTES</p>
<ul class="pl3">
<li>Avoid storing sensitive data (or providing credentials) on websites loaded via gateways marked with <big>⚠️ </big><br/>
These are legacy gateways for fetching standalone data, not designed to serve dapps/websites.<br/>
<strong>They do not provide <a href="https://docs.ipfs.io/how-to/address-ipfs-on-web/#path-gateway">origin isolation</a></strong>.
</li>
<li class="pt2">
The list contains gateways operated by various parties, coordinated by loose mutual consensus, <strong>without a central governing authority</strong>.<br/>
Protocol Labs operates and is responsible for only two of the listed gateways: <code>ipfs.io</code> and <code>dweb.link</code>.
</li>
</ul>
</div>
<div id="checker.stats" class="Stats monospace f6"></div>
<div id="checker.results" class="Results monospace f6">
Expand Down
18 changes: 18 additions & 0 deletions styles.css
Original file line number Diff line number Diff line change
Expand Up @@ -97,3 +97,21 @@ div.Node.origin div.Link::after {
div.Node:not(.online):not(:first-child) {
opacity: .5
}

div#origin-warning {
padding: .1rem 1.5rem;
border-left: 4px solid #e7c000;
background-color: #fff7d2;
color: #34373f;
}

div#origin-warning p {
letter-spacing: .5px;
color: #b29400;
font-weight: 600;
margin-bottom: -.4rem;
}

div#origin-warning ol, div#origin-warning p, div#origin-warning ul {
line-height: 1.7;
}