Skip to content
This repository has been archived by the owner on Dec 27, 2022. It is now read-only.

Update Dat & IPFS protocol handlers to set CSPs #20

Closed
3 tasks done
pfrazee opened this issue Jun 30, 2016 · 0 comments
Closed
3 tasks done

Update Dat & IPFS protocol handlers to set CSPs #20

pfrazee opened this issue Jun 30, 2016 · 0 comments
Labels
enhancement Change that's on the roadmap

Comments

@pfrazee
Copy link
Member

pfrazee commented Jun 30, 2016
edited

The CSPs should disable any unsafe-* policies, and restrict requests to the current archive's origin.

Currently, the protocols are handled using Electron's registerBufferProtocol. Because registerBufferProtocol cant set the response headers, this change will require a change to registerHttpProtocol, and an internal HTTP server.

The HTTP server will be given a random port. To make sure no other process can access it, a nonce will be used in the requests.

  • dat://
  • view-dat://
  • ipfs:/
@pfrazee pfrazee added the enhancement Change that's on the roadmap label Jun 30, 2016
@pfrazee pfrazee closed this as completed Jul 1, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Change that's on the roadmap
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pfrazee