ipfs
gateway: UX improvement: browser-only subdomain redirects
Summary
Implement conditional subdomain gateway redirects that only execute when the client is identified as a web browser, preventing unnecessary redirects for programmatic clients and tools.
Rationale
As discussed in https://github.com/ipfs/kubo/issues/11024#issuecomment-3400044981, the current gateway behavior performs subdomain redirects universally, which acts as a papercut in non-browser contexts when localhost (subdomain gw) is used instead of 127.0.0.1 (path gw):
- creates unnecessary performance overhead due to extra redirect in non-browser clients like curl, wget, handle these redirects as expected.
- and/or breaks in Windows or macOS (https://github.com/ipfs/kubo/issues/7527) or other programmatic tools that don'tsupport subdomains correctly
Proposed Change
The gateway should detect whether the requesting client is a browser before executing subdomain redirects. This detection can be based on:
- User-Agent header analysis
- Accept headers that indicate browser requests
- Presence of browser-specific headers
Non-browser clients would receive direct responses without subdomain redirects, maintaining compatibility with existing tooling while preserving the security benefits of subdomain isolation for web browsers.
Browser-like detection
TBD. Unsure if naive check if User-Agent starts with Mozilla is enough.
Needs reseach what is the most robust and future proof way here.
We want to keep Origin isolation in all user agents that hint to be a browser capable of rendering HTML and JS. Could be combination of User-Agent, Accept etc.
