Prevent possible phishing from misuse of ipfs gateway

[barlock]

Related Issue
Supports #45

Related PRs
This PR is not dependent on any other PR

What does this PR do?
I realized that allowing any domain to forward to any arbitrary ipfs hash could lead to weird cookie things or phishing if a site were vulnerable to XSS. I'm preventing that.

Description of Changes
Modified the viewer request where the bug was.

I was balancing between two concerns with this one. I think it would be cool if a site could work on a normal ipfs gateway, at which point sites could have links to their own content. So I allowed that to work as it seems safe.

I'd be curious if there are opposing thoughts.

What gif most accurately describes how I feel towards this PR?

[brian-lc]

We might want to consider running a scan against the final site to see if there are any other exploits that could be an issue.

[barlock]

Know any good open source tools? Sense it's all static, wouldn't most exploits be from the Dev, not the platform? What exploits are you thinking of? Any in particular?

…

On Thu, Jan 24, 2019 at 5:31 PM Brian Chamberlain ***@***.***> wrote: We might want to consider running a scan against the final site to see if there are any other exploits that could be an issue. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#52 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFgLF428Qin2kmuuTYkvUPrk6AsWVGkFks5vGjRVgaJpZM4aRfzn> .