Sanitize ipfs links? #177
Labels
kind/bug
A bug in existing code (including security flaws)
need/triage
Needs initial labeling and prioritization
Comments
melMass
added
kind/bug
|
So it seems like the reason the token actually ends up working is by providing a fallback to "popular" gateways, hence given the current CSP policy it's failing on NFT.storage. |
|
Oh, interesting thought. @Gozala does this fit with how you're thinking about the ideal state of how browsers / gateways handle external content? |
|
Closing this issue. More information on how to proceed with goodbits at https://blog.nft.storage/posts/badbits-and-goodbits-csp-in-nftstorage-link |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
Issue
When generative tokens (html CAR packages) are viewed from the gateway. Direct links to ipfs (i.e
ipfs://<CID>) are not sanitized:DOES NOT WORK -> https://bafybeifsiea24k46cgebr6pcleqmqe6kyqzh4pw4rexep4xdr337625oyi.ipfs.nftstorage.link/
WORKS -> https://ipfs.io/ipfs/bafybeifsiea24k46cgebr6pcleqmqe6kyqzh4pw4rexep4xdr337625oyi/
Though looking at the source code I'm not such of the artist's logic there.
The text was updated successfully, but these errors were encountered: