Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: add referer on redirect #68

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

fix: add referer on redirect #68

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion packages/edge-gateway/src/ipfs.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,5 +27,14 @@ export async function ipfsGet(request, env) {
`https://${nCid}.${env.IPFS_GATEWAY_HOSTNAME}${redirectPath}${redirectQueryString}`
)

return Response.redirect(url, 302)
const headers = new Headers(request.headers)
headers.set('Referrer-Policy', 'unsafe-url')
headers.set('Location', url.toString())
headers.set('Referer', request.headers.get('Referer'))
Copy link

@alanshaw alanshaw Apr 27, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this work IRL? I thought this was one of those headers you're not allowed to set in a browser/worker context!?

Copy link

@alanshaw alanshaw Apr 27, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, this what we send back to the client right? Referer is a request header, I'm not sure I understand how this fixes the issue?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fix is based on discussion https://community.cloudflare.com/t/passing-on-referer-value-on-301-https-redirects/78787/8

The goal is to have CF analytics / Firewall have access to the Referer, which looks like not the case with current redirect.

Does this work IRL?

I need to deploy to see, using staging dedicated route it does not break anything, but for actually seeing analytics in nftstorage.link domain I need to get it there


return new Response(undefined, {
status: 302,
statusText: 'Found',
headers,
})
}
30 changes: 24 additions & 6 deletions packages/edge-gateway/test/ipfs-path.spec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,83 +29,101 @@ test('should resolve a cid v0 with IPFS canonical resolution', async (t) => {
const { mf } = t.context

const response = await mf.dispatchFetch(
'https://localhost:8787/ipfs/QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR'
'https://localhost:8787/ipfs/QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR',
{ headers: { Referer: 'localhost:8787' } }
)
await response.waitUntil()
t.is(response.status, 302)
t.is(
response.headers.get('location'),
'https://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.localhost:8787/'
)
t.is(response.headers.get('referrer-policy'), 'unsafe-url')
t.is(response.headers.get('referer'), 'localhost:8787')
})

test('should resolve a cid v1 with IPFS canonical resolution', async (t) => {
const { mf } = t.context

const response = await mf.dispatchFetch(
'https://localhost:8787/ipfs/bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq'
'https://localhost:8787/ipfs/bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq',
{ headers: { Referer: 'localhost:8787' } }
)
await response.waitUntil()
t.is(response.status, 302)
t.is(
response.headers.get('location'),
'https://bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq.ipfs.localhost:8787/'
)
t.is(response.headers.get('referrer-policy'), 'unsafe-url')
t.is(response.headers.get('referer'), 'localhost:8787')
})

test('should resolve a cid and path with IPFS canonical resolution', async (t) => {
const { mf } = t.context

const response = await mf.dispatchFetch(
'https://localhost:8787/ipfs/bafybeifvsmjgbhck72pabliifeo35cew5yhxujfqjxg4g32vr3yv24h6zu/path/file.txt'
'https://localhost:8787/ipfs/bafybeifvsmjgbhck72pabliifeo35cew5yhxujfqjxg4g32vr3yv24h6zu/path/file.txt',
{ headers: { Referer: 'localhost:8787' } }
)
await response.waitUntil()
t.is(response.status, 302)
t.is(
response.headers.get('location'),
'https://bafybeifvsmjgbhck72pabliifeo35cew5yhxujfqjxg4g32vr3yv24h6zu.ipfs.localhost:8787/path/file.txt'
)
t.is(response.headers.get('referrer-policy'), 'unsafe-url')
t.is(response.headers.get('referer'), 'localhost:8787')
})

test('should resolve a cid and path with IPFS canonical resolution when subdomain also used', async (t) => {
const { mf } = t.context

const response = await mf.dispatchFetch(
'https://bafybeifvsmjgbhck72pabliifeo35cew5yhxujfqjxg4g32vr3yv24h6zu.ipfs.localhost:8787/ipfs/bafybeifvsmjgbhck72pabliifeo35cew5yhxujfqjxg4g32vr3yv24h6zu/path/file.txt'
'https://bafybeifvsmjgbhck72pabliifeo35cew5yhxujfqjxg4g32vr3yv24h6zu.ipfs.localhost:8787/ipfs/bafybeifvsmjgbhck72pabliifeo35cew5yhxujfqjxg4g32vr3yv24h6zu/path/file.txt',
{ headers: { Referer: 'localhost:8787' } }
)
await response.waitUntil()
t.is(response.status, 302)
t.is(
response.headers.get('location'),
'https://bafybeifvsmjgbhck72pabliifeo35cew5yhxujfqjxg4g32vr3yv24h6zu.ipfs.localhost:8787/path/file.txt'
)
t.is(response.headers.get('referrer-policy'), 'unsafe-url')
t.is(response.headers.get('referer'), 'localhost:8787')
})

test('should resolve a cid IPFS canonical resolution keeping query parameters', async (t) => {
const { mf } = t.context
const queryString = '?key=value'

const response = await mf.dispatchFetch(
`https://localhost:8787/ipfs/bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq${queryString}`
`https://localhost:8787/ipfs/bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq${queryString}`,
{ headers: { Referer: 'localhost:8787' } }
)
await response.waitUntil()
t.is(response.status, 302)
t.is(
response.headers.get('location'),
`https://bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq.ipfs.localhost:8787/${queryString}`
)
t.is(response.headers.get('referrer-policy'), 'unsafe-url')
t.is(response.headers.get('referer'), 'localhost:8787')
})

test('should resolve a cid IPFS canonical resolution with same path as IPFS path', async (t) => {
const { mf } = t.context

const response = await mf.dispatchFetch(
'https://localhost:8787/ipfs/bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq/ipfs/bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq'
'https://localhost:8787/ipfs/bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq/ipfs/bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq',
{ headers: { Referer: 'localhost:8787' } }
)
await response.waitUntil()
t.is(response.status, 302)
t.is(
response.headers.get('location'),
'https://bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq.ipfs.localhost:8787/ipfs/bafkreidyeivj7adnnac6ljvzj2e3rd5xdw3revw4da7mx2ckrstapoupoq'
)
t.is(response.headers.get('referrer-policy'), 'unsafe-url')
t.is(response.headers.get('referer'), 'localhost:8787')
})