Make every base hash its own origin, effectively.
parent
e6fc8a8b13
commit
04d2391f26
|
@ -64,32 +64,55 @@ function not_found_response() {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function forbidden_response() {
|
||||||
|
return response(
|
||||||
|
403, 'Forbidden',
|
||||||
|
Buffer.from('<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>Intergalactic</center></body></html>'),
|
||||||
|
{'Content-Type': 'text/html; charset=utf-8'}
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
self.addEventListener('fetch', (event) => {
|
self.addEventListener('fetch', (event) => {
|
||||||
if (!event.request.url.startsWith(self.location.origin)) {
|
if (!event.request.url.startsWith(self.location.origin)) {
|
||||||
return console.log('Fetch not in scope:', event.request.url)
|
return console.log('fetch not in scope:', event.request.url)
|
||||||
}
|
}
|
||||||
|
|
||||||
console.log('handling fetch event:', event.request.url)
|
console.log('handling fetch event:', event.request.url)
|
||||||
|
|
||||||
const url = new URL(event.request.url)
|
const request_path = (new URL(event.request.url)).pathname
|
||||||
const multihash = url.pathname
|
|
||||||
|
|
||||||
// If this isn't an IPFS URL, bail.
|
// If this isn't an IPFS URL, bail.
|
||||||
if (!multihash.startsWith('/ipfs/')) {
|
if (!request_path.startsWith('/ipfs/')) {
|
||||||
console.log('not a valid IPFS hash:', multihash)
|
console.log('not a valid IPFS hash:', request_path)
|
||||||
if (multihash != '/bundle.js' && multihash != '/fetcher.js') {
|
if (request_path != '/bundle.js' && request_path != '/fetcher.js') {
|
||||||
event.respondWith(not_found_response())
|
event.respondWith(not_found_response())
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If this is a same-origin or CORS request, and it's not to a URL within the same base IPFS
|
||||||
|
// hash, then block it as forbidden. This in effect gives each base IPFS hash its own origin.
|
||||||
|
if (event.request.mode == 'same-origin' || event.request.mode == 'cors') {
|
||||||
|
let matches = /^(\/ipfs\/\w*)/.exec((new URL(event.request.referrer)).pathname)
|
||||||
|
let referrer_base_path = matches[1]
|
||||||
|
if (referrer_base_path && !request_path.startsWith(referrer_base_path)) {
|
||||||
|
console.log(
|
||||||
|
'denying ' + event.request.mode + ' request from referrer with different base hash:',
|
||||||
|
event.request.referrer
|
||||||
|
)
|
||||||
|
event.respondWith(forbidden_response())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if (!ipfs_initialized) {
|
if (!ipfs_initialized) {
|
||||||
ipfs_initialized = initialize_ipfs()
|
ipfs_initialized = initialize_ipfs()
|
||||||
}
|
}
|
||||||
|
|
||||||
event.respondWith(
|
event.respondWith(
|
||||||
ipfs_initialized.then(() => {
|
ipfs_initialized.then(() => {
|
||||||
return node.files.get(multihash)
|
return node.files.get(request_path)
|
||||||
}).then((files) => {
|
}).then((files) => {
|
||||||
// If there's just one result, return it.
|
// If there's just one result, return it.
|
||||||
if (files.length == 1 && files[0].content) {
|
if (files.length == 1 && files[0].content) {
|
||||||
|
|
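Review bot: The new same-origin/cors check in the fetch listener depends on `event.request.referrer` being a parseable URL under `/ipfs/`, and neither is guaranteed. The requesting content controls its own referrer policy, so the referrer can be an empty string, in which case `new URL(...)` throws; when the referrer path is not under `/ipfs/`, `matches` is null and `matches[1]` throws. In both cases the listener exits without calling `respondWith`, so the request is presumably no longer governed by this check. Two smaller gaps: `\w*` can match nothing, giving a base of `/ipfs/` that every IPFS path starts with, and the bare `startsWith` compares string prefixes rather than whole path segments. Denying on a missing referrer is a policy choice that may affect the loader page outside `/ipfs/`, so confirm that before adopting the sketch below; the listener body continues outside the hunk.

```javascript
  if (event.request.mode == 'same-origin' || event.request.mode == 'cors') {
    // A referrer that is absent, unparseable or outside /ipfs/ cannot show a matching base hash.
    let referrer_base_path = null
    try {
      const matches = /^(\/ipfs\/\w+)(?:\/|$)/.exec((new URL(event.request.referrer)).pathname)
      referrer_base_path = matches ? matches[1] : null
    } catch (e) {
      referrer_base_path = null
    }
    // Compare whole path segments, not string prefixes.
    const same_base = referrer_base_path !== null && (
      request_path == referrer_base_path ||
      request_path.startsWith(referrer_base_path + '/')
    )
    if (!same_base) {
      // … unchanged: console.log of the denied request and event.respondWith(forbidden_response()) …
      return
    }
  }
```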