Html: Safelist protocol handlers for DWeb

Created on 17 Aug 2018 · 5Comments · Source: whatwg/html

This issue tracks safelisting of "ssb", "dat", "ipfs", "ipns" and "dweb" protocols within HTML spec.

Context

https://html.spec.whatwg.org/multipage/system-state.html#safelisted-scheme

This list can be changed. If there are schemes that ought to be added, please send feedback.

Motivation

Safelisted protocols do not require web+ prefix when redirect-based handler is registered via navigator.registerProtocolHandler. Additionally, browser vendors often reuse the safelist as the default for deciding which protocols can be handled by WebExtensions (example).

Safelisting DWeb protocols in HTML spec would make it possible for the community to start using non-HTTP DWeb addresses in the wild and provide users with HTTP-based gateways/readers even before native protocol handler API matures enough to be a part of WebExtensions.

Vendor Support

Historically there was the chicken and the egg problem with adding new protocols to the safelist, so it is important to emphasize that browser vendors are supportive to this change (see references below), and waiting for HTML spec.

Firefox does not require web+ prefix for handlers registered via navigator.registerProtocolHandler, so they effectively implement change proposed in this issue.
- Mozilla also whitelisted (patch) DWeb protocols for use in WebExtension context (Firefox 59).
Chromium is waiting (one of reasons why this issue got created), but there is intent to implement the change if HTML spec is supportive

References

Current safelist in HTML spec
Whitelisting discussion within DWeb community: https://github.com/arewedistributedyet/arewedistributedyet/issues/23
Prototyping Native Protocol Handler API for WebExtensions: mozilla/libdweb#protocol-api

additioproposal impacts documentation custom protocols

Source

lidel

👍2

Most helpful comment

Chromium is interested as per Chromium issue 651311 I'll follow up on the Chromium issue on the next steps.

asankah on 17 Aug 2018

🎉6

All 5 comments

See also #1829 and #2546.

annevk on 17 Aug 2018

Chromium is interested as per Chromium issue 651311 I'll follow up on the Chromium issue on the next steps.

asankah on 17 Aug 2018

🎉6

documentation need recorded at MDN content roadmap — https://trello.com/c/8KM2lW6p/130-safelist-protocol-handlers-for-dweb

chrisdavidmills on 31 Oct 2018

Talking to @lidel recently, there is still community interest in supporting these protocols. From recent discussion in blink-dev [1] it seems API owners are ok extending the whitelist. Moreover, there was not any complaint on the "ssb", "dat", "ipfs", "ipns" and "dweb" protocols specifically. Igalia is happy to take over @asankah's Chromium work on this and implement it in Gecko, if the Chromium/Mozilla developers don't oppose.

There are bugs filed in Mozilla and Chromium [2] [3] and testing would be handled by extending [4]. I'm going to open a PR to the spec. Anything else needed?

(Note: Mozilla switched to a whitelist in [5] since the issue was reported, so there is still some work to do in Firefox)

[1] https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/29sFh4tTdcs/K4XroilVBAAJ
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1631446
[3] https://bugs.chromium.org/p/chromium/issues/detail?id=651311
[4] https://github.com/web-platform-tests/wpt/blob/master/html/webappapis/system-state-and-capabilities/the-navigator-object/protocol.https.html
[5] https://bugzilla.mozilla.org/show_bug.cgi?id=1476035