Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Security] Even more strict on address bar for IPFS

See original GitHub issue

This issue https://github.com/brave/brave-browser/issues/13872 makes it so we only use ipns:// and ipfs:// for configured gateways.

This issue is to track being even more strict and only replacing ipfs:// when there is a valid CID.

This is about the reverse lookup code which will show ipfs:// We only want to do that when it’s a valid CID. For <cid>.ipfs.localhost:<port>

If <cid> is not in the right format, we shouldn’t show ipfs:// reverse mapping

Issue Analytics

State:
Created 3 years ago
Comments:8 (1 by maintainers)

Top GitHub Comments

2reactions

lidelcommented, Mar 30, 2021

@stephendonner FYSA http://Qm.. fail because Qm.. CIDv0 are case-sensitive, and the authority part of URL is case-insensitive in some web contexts (eg. DNS / Firefox force-lowercase) This is not an issue with Brave, but a quirk of representing CIDs on the web. That is why we are moving towards case-insensitive base32 CIDv1 (bafy...) identifiers (and why there is a redirect returned by go-ipfs, that does it automatically under the hood).

1reaction

spylogsstercommented, Mar 26, 2021

Test Plan:

Setup ipfs method as local node
Open http://brantly.eth.ipns.localhost:[node port]/#/, where node port you can take from brave://ipfs page
Address bar should retain http://brantly.eth.ipns.localhost:[node port]/#/
if you open https://[CID].ipns.localhost:[node port]/, where CID starts from Qm or any character from https://github.com/multiformats/multibase/blob/master/multibase.csv [‘code’ column except 0x00] address bar should show [ipfs|ipns]😕/[cid] address