ipfs-webui icon indicating copy to clipboard operation
ipfs-webui copied to clipboard

Published 20 hours ago verified publisher icon ipfs

Share Link incorrectly gives path routed instead of subdomain routed URL.

Open MicahZoltu opened this issue 1 year ago • 6 comments

  • OS: Windows
  • Version of IPFS Desktop: 0.32.0

Describe the bug When you right click on a file in Files and choose "Share Link" you are given a URL like https://<host>/ipfs/<cid>. This should be of the form https://<cid>.ipfs.<host> for security reasons.

To Reproduce Steps to reproduce the behavior:

  1. Go to Files tab.
  2. Right click on any file.
  3. Choose "Share Link"
  4. Notice the link provided uses path routing.

Expected behavior Subdomain routing is always used.

Additional context Path routing is known to be insecure for websites that use cookies, local storage, etc. This is well documented in the IPFS documentation and the documentation and security experts all recommend using subdomain routing whenever possible (which is almost always possible). These share links are encouraging people to share URLs that are insecure by default, and we should instead be using subdomain by default.

MicahZoltu avatar Jan 25 '24 06:01 MicahZoltu