From fe68bdf9f1dcbacce034f3a4cf1ec6577c226050 Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Tue, 3 Sep 2024 23:07:59 +0200 Subject: [PATCH 1/4] chore: add references to ipfs-gateway.md --- docs/concepts/ipfs-gateway.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/docs/concepts/ipfs-gateway.md b/docs/concepts/ipfs-gateway.md index c64fc190e..9fb306e5a 100644 --- a/docs/concepts/ipfs-gateway.md +++ b/docs/concepts/ipfs-gateway.md @@ -75,10 +75,6 @@ For more information about public gateways, see the [Public IPFS Gateways](./pub ## Gateway types -:::warning -[Path resolution style gateways](#path) do not provide origin isolation. -::: - There are multiple gateway types, each with specific use case, security, performance, and functional implications. - [Read support](#read-only-gateways) @@ -118,11 +114,21 @@ https://{gateway URL}/ipfs/{content ID}/{optional path to resource} Path-resolving gateways, however, violate the [same-origin policy](https://en.wikipedia.org/wiki/Same-origin_policy) that protects one website from improperly accessing session data of another website. +:::warning +This type of gateway does not provide origin isolation and should not be used for hosting web apps. + +Learn more at [Address IPFS on the web: Path Gateway](../how-to/address-ipfs-on-web.md#path-gateway) +::: + #### Subdomain Subdomain resolution style maintains compliance with the [single-origin policy](https://en.wikipedia.org/wiki/Same-origin_policy). The canonical form of access, `https://{CID}.ipfs.{gatewayURL}/{optional path to resource}`, causes the browser to interpret each returned file as being from a different origin. -Subdomain resolution support began with [Kubo](https://github.com/ipfs/kubo) release `0.5.0`. +::: callout +This type of gateway does provide origin isolation and should be used for hosting web apps. + +Learn more at [Address IPFS on the web: Subdomain Gateway](../how-to/address-ipfs-on-web.md#subdomain-gateway) +::: #### DNSlink @@ -145,6 +151,10 @@ DNSLink resolution occurs when the gateway recognizes an IPNS identifier contain 4. The gateway employs DNSLink resolution to return the current content version from IPFS. 5. The browser does not perceive the gateway as the origin of the content and therefore enforces the single-origin policy to protect `example.com`. +::: callout +Learn more at [Address IPFS on the web: DNSLink Gateway](../how-to/address-ipfs-on-web.md#dnslink-gateway) +::: + ### Gateway services Currently HTTP gateways may access both IPFS and IPNS services: From 5cd49f1542f9b391436121b7bebe33019fa77c15 Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Tue, 3 Sep 2024 23:13:12 +0200 Subject: [PATCH 2/4] chore: update pln-ignore.txt --- .github/styles/pln-ignore.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/styles/pln-ignore.txt b/.github/styles/pln-ignore.txt index 9b8eb68ca..eaa2d8249 100644 --- a/.github/styles/pln-ignore.txt +++ b/.github/styles/pln-ignore.txt @@ -21,6 +21,7 @@ bool(ean) boolean boxo browserify +callout callouts cas cdns From 85a02871de5ddd920c350069c3e16ae4c09c58d4 Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Tue, 3 Sep 2024 23:47:09 +0200 Subject: [PATCH 3/4] chore: remove outdated links --- docs/concepts/ipfs-gateway.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/docs/concepts/ipfs-gateway.md b/docs/concepts/ipfs-gateway.md index 9fb306e5a..6ec8c6363 100644 --- a/docs/concepts/ipfs-gateway.md +++ b/docs/concepts/ipfs-gateway.md @@ -4,9 +4,7 @@ description: Learn why gateways are an important part of using IPFS in conjuncti related: 'IPFS Docs: Address IPFS on the Web': /how-to/address-ipfs-on-web/ 'IPFS public gateway checker': https://ipfs.github.io/public-gateway-checker/ - 'Gateway specifications': https://github.com/ipfs/specs/blob/main/http-gateways/#readme - 'Article: Solving the IPFS Gateway Problem (Pinata)': https://medium.com/pinata/the-ipfs-gateway-problem-64bbe7eb8170 - 'Tutorial: Setting up an IPFS gateway on Google Cloud Platform (Stacktical)': https://blog.stacktical.com/ipfs/gateway/dapp/2019/09/21/ipfs-server-google-cloud-platform.html + 'Gateway specifications': https://specs.ipfs.tech/http-gateways/ --- # IPFS Gateway @@ -66,13 +64,10 @@ _Private gateways_ are configured to limit access to requests from specific doma They are frequently, but not exclusively, used behind firewalls. Running [IPFS Desktop](https://github.com/ipfs-shipyard/ipfs-desktop#ipfs-desktop) or another form of IPFS node triggers connection attempts to other IPFS peers. Private network administrators may treat such connection attempts as potential security vulnerabilities. Private IPFS gateway servers located inside the private network and running a trusted code base provide an alternative architecture for read/write access to externally-hosted IPFS content. -This [tutorial configuring an IPFS gateway on a Google Cloud platform](https://blog.stacktical.com/ipfs/gateway/dapp/2019/09/21/ipfs-server-google-cloud-platform.html) includes information on constraining access for a private gateway setup. - ### Public gateways For more information about public gateways, see the [Public IPFS Gateways](./public-utilities.md#public-ipfs-gateways) - ## Gateway types There are multiple gateway types, each with specific use case, security, performance, and functional implications. From 5d0706f7177a588c318d9b35351a90aa4fe5128a Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Tue, 10 Sep 2024 23:35:16 +0200 Subject: [PATCH 4/4] chore: reference specs --- docs/concepts/ipfs-gateway.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/concepts/ipfs-gateway.md b/docs/concepts/ipfs-gateway.md index 6ec8c6363..ba3cf3e04 100644 --- a/docs/concepts/ipfs-gateway.md +++ b/docs/concepts/ipfs-gateway.md @@ -112,7 +112,7 @@ Path-resolving gateways, however, violate the [same-origin policy](https://en.wi :::warning This type of gateway does not provide origin isolation and should not be used for hosting web apps. -Learn more at [Address IPFS on the web: Path Gateway](../how-to/address-ipfs-on-web.md#path-gateway) +Learn more at [Address IPFS on the web: Path Gateway](../how-to/address-ipfs-on-web.md#path-gateway) and [Path Gateway Specification](https://specs.ipfs.tech/http-gateways/path-gateway/). ::: #### Subdomain @@ -122,7 +122,7 @@ Subdomain resolution style maintains compliance with the [single-origin policy]( ::: callout This type of gateway does provide origin isolation and should be used for hosting web apps. -Learn more at [Address IPFS on the web: Subdomain Gateway](../how-to/address-ipfs-on-web.md#subdomain-gateway) +Learn more at [Address IPFS on the web: Subdomain Gateway](../how-to/address-ipfs-on-web.md#subdomain-gateway) and [Subdomain Gateway Specification](https://specs.ipfs.tech/http-gateways/subdomain-gateway/). ::: #### DNSlink @@ -147,7 +147,7 @@ DNSLink resolution occurs when the gateway recognizes an IPNS identifier contain 5. The browser does not perceive the gateway as the origin of the content and therefore enforces the single-origin policy to protect `example.com`. ::: callout -Learn more at [Address IPFS on the web: DNSLink Gateway](../how-to/address-ipfs-on-web.md#dnslink-gateway) +Learn more at [Address IPFS on the web: DNSLink Gateway](../how-to/address-ipfs-on-web.md#dnslink-gateway) and [DNSLink Gateway Specification](https://specs.ipfs.tech/http-gateways/dnslink-gateway/). ::: ### Gateway services