From 6d16349adcc3ab37a620aac98ea3b01ff58a8998 Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Tue, 8 Jun 2021 15:34:37 +0200 Subject: [PATCH 1/4] docs: improved security notes Improved README based on changes from #148 --- README.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fffc0d4c..f714e04f 100644 --- a/README.md +++ b/README.md 
@@ -6,16 +6,26 @@ View the Public Gateway Checker on GitHub Pages: https://ipfs.github.io/public-g [![Screenshot of Public Gateway Checker](https://gateway.ipfs.io/ipfs/QmZBvMaV3EBtuUB4yGD5gGJwmEyePpk2sWjvPEoLJKcH5D)](https://ipfs.github.io/public-gateway-checker/) -**NOTE:** With the exception of `ipfs.io` and `dweb.link`, all gateways listed are hosted by third parties and should be treated as such. + +## SECURITY NOTES + +- With the exception of `ipfs.io` and `dweb.link`, all gateways listed are hosted by third parties and should be treated as such. +- Gateways without origin isolation will be marked with ⚠️, indicating they are not safe for use cases that require private local storage of data or credentials. [Learn more](https://github.com/ipfs/public-gateway-checker/issues/150). +>>>>>>> 3cd5478 (docs: improved security notes) + ## Adding a new public gateway + If you'd like to add a new public gateway, please edit `gateways.json`: 1. Add the gateway's address to the bottom of the list 2. Make sure the final item in the list does **not** have a comma at the end, but all preceding items do +3. If you care about security of websites loaded via your gateway, make sure it is set up as a [subdomain gateway](https://docs.ipfs.io/how-to/address-ipfs-on-web/#subdomain-gateway). See [config docs](https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#gatewaypublicgateways) and [recipes](https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#gateway-recipes) for go-ipfs, and [learn more here](https://github.com/ipfs/public-gateway-checker/issues/150). Then, submit a pull request for this change. Be sure to follow all the directions in the pull request template so your PR can be triaged as quickly as possible. + + ## Testing locally ```console From 8e4fcfc272afb6e1577a0ae39d9a9cf83c1c220c Mon Sep 17 00:00:00 2001 
From: Marcin Rataj Date: Tue, 8 Jun 2021 15:50:06 +0200 Subject: [PATCH 2/4] style: clarify third-party vs PL Co-authored-by: Peter Rabbitson --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f714e04f..09ba2ddc 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ View the Public Gateway Checker on GitHub Pages: https://ipfs.github.io/public-g ## SECURITY NOTES -- With the exception of `ipfs.io` and `dweb.link`, all gateways listed are hosted by third parties and should be treated as such. +- The list contains gateways operated by various parties, coordinated by loose mutual consensus, without a central governing authority. Protocol Labs operates and is responsible for only two of the listed gateways: `ipfs.io` and `dweb.link`. - Gateways without origin isolation will be marked with ⚠️, indicating they are not safe for use cases that require private local storage of data or credentials. [Learn more](https://github.com/ipfs/public-gateway-checker/issues/150). >>>>>>> 3cd5478 (docs: improved security notes) From c196af12fb5a768c8d34163665ee64f6a39f63bc Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Tue, 8 Jun 2021 16:23:31 +0200 Subject: [PATCH 3/4] feat: security disclaimer at the top of checker This adds the operator disclaimer from README to the top of checker. License: MIT Signed-off-by: Marcin Rataj --- README.md | 2 +- index.html | 15 ++++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 09ba2ddc..88e5b9db 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,7 @@ View the Public Gateway Checker on GitHub Pages: https://ipfs.github.io/public-gateway-checker/ -[![Screenshot of Public Gateway Checker](https://gateway.ipfs.io/ipfs/QmZBvMaV3EBtuUB4yGD5gGJwmEyePpk2sWjvPEoLJKcH5D)](https://ipfs.github.io/public-gateway-checker/) +[![Screenshot of Public Gateway Checker](https://user-images.githubusercontent.com/157609/121202304-7b485980-c875-11eb-913a-29b275afa0b3.png)](https://ipfs.github.io/public-gateway-checker/) ## SECURITY NOTES diff --git a/index.html b/index.html index 9d925740..6fb84d38 100644 --- a/index.html +++ b/index.html @@ -35,9 +35,18 @@

Public Gateways

-
- Security disclaimer: avoid storing sensitive data (or providing credentials) on websites loaded via gateways marked with ⚠️
- These are legacy gateways for fetching standalone data, not designed to serve dapps/websites (they do not provide origin isolation). +
+ SECURITY NOTES: +
    +
  • Avoid storing sensitive data (or providing credentials) on websites loaded via gateways marked with ⚠️
    + These are legacy gateways for fetching standalone data, not designed to serve dapps/websites.
    + They do not provide origin isolation. +
  • +
  • + The list contains gateways operated by various parties, coordinated by loose mutual consensus, without a central governing authority.
    + Protocol Labs operates and is responsible for only two of the listed gateways: ipfs.io and dweb.link. +
  • +
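
Review bot: the index.html hunk of [PATCH 3/4] copies the README security notes into the checker page but leaves out the "Learn more" link to issue #150 that the README bullet carries, so a user who sees ⚠️ next to a gateway has nowhere to read what missing origin isolation means for them. Add that link to the first list item. The same text now lives in both README.md and index.html, so a short comment in one pointing at the other would help keep the two from drifting. The README.md hunk in this patch also swaps the screenshot URL from `gateway.ipfs.io` to `user-images.githubusercontent.com`, which the commit message does not mention.
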
From 74e93e0a94978e11ddf8809ef7507054077f0515 Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Wed, 9 Jun 2021 00:03:47 +0200 Subject: [PATCH 4/4] style: warning css from docs.ipfs.io https://github.com/ipfs/public-gateway-checker/pull/151#issuecomment-857193370 License: MIT Signed-off-by: Marcin Rataj --- README.md | 2 +- index.html | 2 +- styles.css | 18 ++++++++++++++++++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 88e5b9db..cb9c75bb 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ View the Public Gateway Checker on GitHub Pages: https://ipfs.github.io/public-gateway-checker/ -[![Screenshot of Public Gateway Checker](https://user-images.githubusercontent.com/157609/121202304-7b485980-c875-11eb-913a-29b275afa0b3.png)](https://ipfs.github.io/public-gateway-checker/) +[![Screenshot of Public Gateway Checker](https://user-images.githubusercontent.com/157609/121263486-f7fb2800-c8b5-11eb-9061-0b6f586a6f25.png)](https://ipfs.github.io/public-gateway-checker/) ## SECURITY NOTES diff --git a/index.html b/index.html index 6fb84d38..6b3b17a0 100644 --- a/index.html +++ b/index.html @@ -36,7 +36,7 @@

Public Gateways

- SECURITY NOTES: +

SECURITY NOTES

  • Avoid storing sensitive data (or providing credentials) on websites loaded via gateways marked with ⚠️
    These are legacy gateways for fetching standalone data, not designed to serve dapps/websites.
    diff --git a/styles.css b/styles.css index b755bc56..08fe8e81 100644 --- a/styles.css +++ b/styles.css @@ -97,3 +97,21 @@ div.Node.origin div.Link::after { div.Node:not(.online):not(:first-child) { opacity: .5 } + +div#origin-warning { + padding: .1rem 1.5rem; + border-left: 4px solid #e7c000; + background-color: #fff7d2; + color: #34373f; +} + +div#origin-warning p { + letter-spacing: .5px; + color: #b29400; + font-weight: 600; + margin-bottom: -.4rem; +} + +div#origin-warning ol, div#origin-warning p, div#origin-warning ul { + line-height: 1.7; +}
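
Review bot: in [PATCH 1/4], the README.md hunk adds a leftover merge-conflict marker, `+>>>>>>> 3cd5478 (docs: improved security notes)`, directly after the two SECURITY NOTES bullets, and it will render in the README as nested blockquotes. Drop that line before merging. Separately, step 3 of "Adding a new public gateway" links to go-ipfs docs on `blob/master`, so the `#gatewaypublicgateways` and `#gateway-recipes` anchors can break whenever that file is reorganised; a link pinned to a tag or commit would be more stable.
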
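
Review bot: in [PATCH 2/4], the reworded first bullet under SECURITY NOTES states who operates the gateways but drops the actionable half of the line it replaces, "should be treated as such". A reader now learns that Protocol Labs is responsible for only `ipfs.io` and `dweb.link` without being told what follows from that for the other entries. Consider keeping one explicit sentence saying the remaining gateways are third-party services and should be trusted accordingly. The trailing context of this hunk also shows `>>>>>>> 3cd5478 (docs: improved security notes)` still present in README.md, so the conflict marker from the first patch survives this one.
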
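
Review bot: in the styles.css hunk of [PATCH 4/4], `div#origin-warning p` sets `color: #b29400` on the `#fff7d2` background from `div#origin-warning`, which works out to a contrast ratio of roughly 2.7:1, below the 4.5:1 WCAG AA minimum for normal-size text. That rule appears to style the SECURITY NOTES title, so the least legible text in the box is the part meant to draw attention to the warning; a darker text colour would fix that. Two smaller points: the `div` prefix on `div#origin-warning` adds specificity without need, since an id is already unique, and the negative `margin-bottom: -.4rem` is fragile if the title ever wraps onto a second line.
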