ipfs-companion icon indicating copy to clipboard operation
ipfs-companion copied to clipboard
verified publisher icon ipfs

Disable redirect on X-Ipfs-Path without DNSLink on the root document

Open lidel opened this issue 3 years ago • 2 comments

https://fleek.co is an example of interesting misconfiguration (at least today 2022-02-17):

  • fleek.co has no DNSLink
  • HTTP response includes x-ipfs-path to immutable snapshot
$ ipfs resolve -r /ipns/fleek.co
Error: could not resolve name: "fleek.co" is missing a DNSLink record (https://docs.ipfs.io/concepts/dnslink/)

$ curl -Is https://fleek.co/ | grep x-ipfs-path 
x-ipfs-path: /ipfs/bafybeidwgtlx54aifd5ynwwvlozr2fuw5xrmbu3ivnwmnoxi4ewdnxty5y/

Problem

Companion will use x-ipfs-path as fallback:

https://github.com/ipfs/ipfs-companion/blob/eacee6ca786f669411c54e7cdde4c12876bf03cf/add-on/src/lib/ipfs-request.js#L310-L312

This means opening https://fleek.co with ipfs-companion will redirect user to http://bafybeidwgtlx54aifd5ynwwvlozr2fuw5xrmbu3ivnwmnoxi4ewdnxty5y.ipfs.localhost:8080

Solution

  • We should modify the redirect logic, so it does not redirect the root document in presence of immutable x-ipfs-path, as that makes it hard for user to bookmark, access the latest version in the future, and could introduce regressions (only websites with valid DNSLink should be redirected).
  • My suggestion is to consider redirecting the root document (one from address bar) if resource URL is following Gateway conventions described in https://docs.ipfs.tech/how-to/address-ipfs-on-web/ – this way misconfigured websites won't get mangled.
  • Update: for proper detection heuristics see diagram introduced in https://github.com/ipfs/ipfs-docs/pull/1295. The caveat here is to disable automatic redirect of top-level document if the URL is not a public gateway URL, the response has x-ipfs-path, but the domain has no DNSLink set up.

lidel avatar Feb 17 '22 20:02 lidel

I may look into this as an excuse to fix MV2 build. cc @meandavejustice – just FYI in case this edge case comes up in MV3 work

lidel avatar Feb 17 '22 21:02 lidel

Just flagging this is still broken, https://www.4everland.org/ gets redirected to http://bafybeia5jy6dd66beizcfk4clmobokuph7oq5jl5aobesjzyfblcjdrtma.ipfs.localhost:8080/ and user is stuck on snapshot URL, and not live URL that can get updates.

$ curl https://www.4everland.org -is | grep -i x-ipfs-path                                                                                                                                                     
x-ipfs-path: /ipfs/bafybeia5jy6dd66beizcfk4clmobokuph7oq5jl5aobesjzyfblcjdrtma/

$ dig +short TXT _dnslink.www.4everland.org
[no result]

@whizzzkid we probably should address this right after MV3 lands. It degrades UX on websites that use IPFS for hosting or provide IPFS services (but have DNSLink misconfiguration).

I would go as far as Disabling x-ipfs-path for all users by default, and also doing one-time migration, and making the below feature opt-in instead of opt-out:

2023-09-15_22-24

As it is today, makes more harm than good, unfortunately.

lidel avatar Sep 15 '23 20:09 lidel