Marcin Rataj

icon indicating a website link https://lidel.org icon indicating an email [email protected]

icon company @ipfs @ipshipyard icon location Europe, Earth icon location How I learned to stop worrying and love converting oxygen into carbon dioxide

Results 493 issues of Marcin Rataj

Fix "Origin" isolation check

2 comment

It seems that gateways get ✅ for Origin isolation and :green_heart: EVEN when path gateway does not redirect to a subdomain. This broken setup is not possible with go-ipfs, but...

kind/bug
help wanted
good first issue
exp/intermediate
P1
effort/hours
status/ready

Test Service-Worker: script behavior

4 comment

Gateways should guard against the risk described in https://github.com/ipfs/go-ipfs/issues/4025 (additional notes [in gateway spec draft here](https://github.com/ipfs/specs/blob/ffe8af9a1aa725cdd9fe740ab1f3dbc855787746/http-gateways/PATH_GATEWAY.md#service-worker-request-header)) Not guarding should be punished with a big red error.

P1
need/analysis
effort/days
topic/design-front-end
topic/design-ux

Add publicsuffix check

If gateway is a subdomain one, we should also test if it is on the Public Suffix List used by browsers. Why? Without PSL the owner of the suffix can...

kind/enhancement
help wanted
good first issue
exp/intermediate
P2
effort/hours
status/ready

HTTP Headers Cleanup: API and Gateway

3 comment

### Summary We should have: - [Interop](https://github.com/ipfs/interop) tests that ensure HTTP responses have the same headers and values, no matter which implementation is the backend - Diagnostic tool/script that can...

help wanted
epic
developers
status/deferred

ServiceWorker-like protocol handlers for WebExtensions

3 comment

> (this is placeholder issue, will be updated as we work on spec prototypes, discuss with vendors etc) ## Problem Currently (2023Q3): 1. The web platform supports registering custom protocol...

specs
epic
dif/expert
P1
effort/weeks
env:browser

Support for Curve25519 (Ed25519 X25519) in Web Cryptography APIs

2 comment

We are collaborating with Igalia on this. Filling issue so folks can subscribe for updates – I will edit details below to reflect current state. - Meta / specs -...

kind/enhancement
specs
status/in-progress

WICG Proposal - Local Devices API (LAN Services)

1 comment

> This is yet another thing that should be on our radar, as could impacr LAN and Web Browser connectivity story. ## Summary WICG Proposal's [initial draft](https://docs.google.com/document/d/1zETnp7guaIb3rCfgNJbCCZblBTGxlUCaNUznz65iFmA/edit#) states utility relevant...

need/analysis
need/triage

Mirroring Web to IPFS

7 comment

This is a meta-issue tracking related work and discussions (moved from https://github.com/ipfs-shipyard/ipfs-companion/issues/96). ## Feasible - [x] Image Rehosting via HTTP API ([ipfs-companion/#599](https://github.com/ipfs-shipyard/ipfs-companion/issues/599)) - [ ] Creating simplified website snapshot: -...

help wanted
web extension
needs clarification
status/ready
ux

Using CID in HTML SRI (Subresource Integrity attributes)

> Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a [CDN](https://developer.mozilla.org/en-US/docs/Glossary/CDN)) are delivered without unexpected manipulation. It works by...

need/triage

WebTransport with Certificate Hashes

5 comment

tl;dr - WebTransport can act as a replacement for Secure WebSockets (`/wss`) that is easier to set up thanks to "certificate hashes" feature which might provide means to remove the...

status/in-progress
needs clarification
epic
dif/expert
need/analysis
need/community-input
need/maintainers-input
effort/weeks