You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have ability to enable HTTP retrieval for specific hostnames (only do HTTP with hosts from allowlist) via httpnet.WithAllowlist
To prepare for the future where we enable this by default in places like Kubo, there should be a companion, opposite flag that allows us to pass explicit denylist (with known hosts that should NOT be used for HTTP retrieval) – httpnet.WithDenylist
The denylist should apply to both original URL and any HTTP redirects.
The main reason here is to avoid situation where defunct gateways start returning redirects to ipfs.io and dweb.link, effectively acting as amplification vector (note: there may be a better fix in #862).
We have ability to enable HTTP retrieval for specific hostnames (only do HTTP with hosts from allowlist) via
httpnet.WithAllowlistTo prepare for the future where we enable this by default in places like Kubo, there should be a companion, opposite flag that allows us to pass explicit denylist (with known hosts that should NOT be used for HTTP retrieval) –
httpnet.WithDenylistThe denylist should apply to both original URL and any HTTP redirects.
The main reason here is to avoid situation where defunct gateways start returning redirects to
ipfs.ioanddweb.link, effectively acting as amplification vector (note: there may be a better fix in #862).cc @hsanjuan
The text was updated successfully, but these errors were encountered: