fix: JS caching via Access-Control-Expose-Headers #8984
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This fix safelists additional headers allowing JS running on websites to read them when IPFS resource is downloaded via Fetch API. These headers provide metadata necessary for making smart caching decisions when IPFS resources are downloaded via Service Worker or a similar middleware on the edge.
lidel
commented
May 19, 2022
| @@ -84,9 +84,12 @@ func GatewayOption(writable bool, paths ...string) ServeOption { | |||
|
|
|||
| headers[ACEHeadersName] = cleanHeaderSet( | |||
| append([]string{ | |||
| "Content-Length", | |||
There was a problem hiding this comment.
I also included Content-Length because it was not implicitly safelisted initially by the browsers (whatwg/fetch#622, whatwg/fetch#626) and still, the current browser behavior is not consistent.
Click to expand - Firefox 100 and Chromium 1001
Works on localhost
Start go-ipfs 0.12.2 and 0.13-rc1, then go to https://example.com/ and try to access the header from js, by typing in browser console:
$ fetch('http://127.0.0.1:8080/ipfs/bafybeib4zuumguq4cgkt7caddeukb4ysijnehvntekrtu5afmet5ujvlka/package.json').then(response => console.table(Object.fromEntries(response.headers)))
| cache-control | public, max-age=29030400, immutable |
| content-length | 4674 |
| content-type | application/json |
| last-modified | Thu, 01 Jan 1970 00:00:01 GMT |
👉 when local gateway is used, fetch is able to access content-length
Fails on ipfs.io
At the same time, JS running on https://example.com is unable to read content-length if ipfs.io is used:
$ fetch('https://ipfs.io/ipfs/bafybeib4zuumguq4cgkt7caddeukb4ysijnehvntekrtu5afmet5ujvlka/package.json').then(response => console.table(Object.fromEntries(response.headers)))
| cache-control | public, max-age=29030400, immutable |
| content-type | application/json |
| last-modified | Thu, 01 Jan 1970 00:00:01 GMT |
Manually including it on our own safelist solves the problem.
1 task
guseggert
approved these changes
May 19, 2022
|
Not too late for 0.13, will include it |
guseggert
pushed a commit
that referenced
this pull request
Jun 8, 2022
This fix safelists additional headers allowing JS running on websites to read them when IPFS resource is downloaded via Fetch API. These headers provide metadata necessary for making smart caching decisions when IPFS resources are downloaded via Service Worker or a similar middleware on the edge.
guseggert
pushed a commit
that referenced
this pull request
Jun 8, 2022
This fix safelists additional headers allowing JS running on websites to read them when IPFS resource is downloaded via Fetch API. These headers provide metadata necessary for making smart caching decisions when IPFS resources are downloaded via Service Worker or a similar middleware on the edge. (cherry picked from commit 650bc24)
guseggert
pushed a commit
that referenced
this pull request
Jun 8, 2022
This fix safelists additional headers allowing JS running on websites to read them when IPFS resource is downloaded via Fetch API. These headers provide metadata necessary for making smart caching decisions when IPFS resources are downloaded via Service Worker or a similar middleware on the edge. (cherry picked from commit 650bc24)
guseggert
pushed a commit
that referenced
this pull request
Jun 8, 2022
This fix safelists additional headers allowing JS running on websites to read them when IPFS resource is downloaded via Fetch API. These headers provide metadata necessary for making smart caching decisions when IPFS resources are downloaded via Service Worker or a similar middleware on the edge. (cherry picked from commit 650bc24)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fix safelists additional headers allowing JS running on websites to read them when IPFS resource is downloaded via Fetch API.
These headers allow for making smart caching decisions (#8720) when IPFS resources are downloaded via Service Worker or a similar middleware on the edge.
@guseggert If possible, we should include it in 0.13 (I forgot to safelist them in #8720), but if it is too late, then please reassign this to 0.14.