Comments (2)
I'm moving this back to ipfs-companion, as it does not seem to be actionable from the perspective of the Kubo repository.
(IMO the Kubo repo should not have documentation related to Companion, just like we don't have anything about ipfs-desktop, ipfsd-ctl, ipfs-cluster or any other project that uses Kubo – such docs belong in the repo of the respective project.)
As for configuring Companion to work with non-localhost node, my suggestion is to be conservative:
- Companion is a GUI application that should "just work"
- We should NOT ask people to set CORS headers for ipfs-companion to function correctly
- Setting CORS to safelist RPC port access is hard for a reason: this is a power user feature that comes with security risk, and it is VERY easy to give admin access to the RPC port to every website on the internet.
- Kubo has no access control mechanism beyond CORS atm, and until some way of guarding it like ipfs/kubo#1532 is resolved, using RPC outside a controlled environment of localhost is considered a power user feature, aka "use at your own risk".
👉 Looking at the reddit post, it sounds like what IPFS Companion could do is to have a more meaningful error message when a non-localhost RPC or Gateway is used. It should explain security (CORS giving admin access to RPC API) and/or interop ramifications (non-localhost cleartext http:// gateway causing mixed-content errors IF subresources are redirected).
> [..] shows ipfs not running even though I am using a kubo rpc install on the local network.
This sounds like a bug?
- in Chromium, this should be handled by either safelisting the extension ID (already done in ipfs/kubo#8690),
- in Firefox the code for adjusting the Origin HTTP header takes care of it, already in ipfs-companion/../ipfs-request.js#L227-L260
from ipfs-companion.
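
A config audit for the risk described in the comment above, as an added example that is not part of the original thread and is not Kubo or ipfs-companion code: it flags an RPC listener bound off-loopback and `Access-Control-Allow-Origin` entries that hand RPC access to web origins. `Addresses.API` and `API.HTTPHeaders` are Kubo config keys; the function name, finding ids and sample configs are assumptions constructed for illustration.

```javascript
// Added example. auditKuboRpcConfig and the finding ids are hypothetical names.
const LOCAL_LISTEN = /^\/(ip4\/127\.\d+\.\d+\.\d+|ip6\/::1|dns[46]?\/localhost|unix)\//;
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Kubo accepts a single string or a list for these fields; normalise to a list.
const asList = (v) => (v == null ? [] : Array.isArray(v) ? v : [v]);

function isLocalWebOrigin(origin) {
  try {
    const host = new URL(origin).hostname;
    return LOCAL_HOSTS.has(host) || host.endsWith('.localhost');
  } catch {
    return false; // not a parseable origin
  }
}

function auditKuboRpcConfig(config) {
  const findings = [];
  const listen = asList(config.Addresses && config.Addresses.API);
  const headers = (config.API && config.API.HTTPHeaders) || {};
  const origins = asList(headers['Access-Control-Allow-Origin']);

  for (const addr of listen) {
    if (!LOCAL_LISTEN.test(addr)) {
      findings.push({ id: 'rpc-non-loopback', value: addr,
        why: 'RPC is reachable off-host and has no access control beyond CORS' });
    }
  }
  for (const origin of origins) {
    if (origin === '*') {
      findings.push({ id: 'cors-wildcard', value: origin,
        why: 'every website gets admin access to the RPC API' });
    } else if (/^https?:\/\//.test(origin) && !isLocalWebOrigin(origin)) {
      findings.push({ id: 'cors-remote-origin', value: origin,
        why: 'this site gets admin access to the RPC API' });
    }
  }
  return findings;
}

// Constructed sample configs (not taken from the thread).
const defaultLike = { Addresses: { API: '/ip4/127.0.0.1/tcp/5001' }, API: { HTTPHeaders: {} } };
const lanExposed = {
  Addresses: { API: ['/ip4/0.0.0.0/tcp/5001'] },
  API: { HTTPHeaders: { 'Access-Control-Allow-Origin':
    ['*', 'http://192.168.1.20:5001', 'http://localhost:3000'] } },
};

console.log(JSON.stringify(auditKuboRpcConfig(lanExposed), null, 2));
```
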
How about adding a virtual network for API isolation, like a ZeroTier-like intranet for using the API remotely while the local computer is on the same network, and then making the other ports public if one wanted, such as gateway, swarm, etc.?
Maybe this way should link the cluster together in a safer way?
from ipfs-companion.