Ipfs-companion: Redirecting .ETH/ -> .ETH.LINK should use HTTPS instead of HTTP

Created on 5 Feb 2020  Â·  2Comments  Â·  Source: ipfs/ipfs-companion

Platform:
Windows
Microsoft Edge / Chrome,

Issue
Navigating to almonit.eth/ redirects to http://almonit.eth.link/

Expected result
It should redirect to https://almonit.eth.link/

Defaulting to HTTPS makes sense, as .eth.link supports HTPS, and Edge/chrome will start warning that http sites are unsafe.

kinbug topisecurity

Most helpful comment

If I had to take a wild guess of what needs to be updated, I would think it is this line.
I don't have an environment set up to do extension development, otherwise I'd attempt creating a PR for this

https://github.com/ipfs-shipyard/ipfs-companion/blob/c3f4c531514522bf11ca74ce878051480f8ad773/add-on/src/lib/ipfs-request.js#L409

All 2 comments

If I had to take a wild guess of what needs to be updated, I would think it is this line.
I don't have an environment set up to do extension development, otherwise I'd attempt creating a PR for this

https://github.com/ipfs-shipyard/ipfs-companion/blob/c3f4c531514522bf11ca74ce878051480f8ad773/add-on/src/lib/ipfs-request.js#L409

Thank you @DavidBurela, fixed in https://github.com/ipfs-shipyard/ipfs-companion/pull/847

There is a small caveat to this:

Limitation of wildcard certificate at *.eth.link

@chris-remus FYI there is an open issue with HTTPS on *.eth.link – is there an open issue for this somewhere? If not, where I can report below?

Gateway at eth.link uses LetsEncrypt certs that work only with *.eth.link and will fail for *.*.eth.link.

For example https://blog.khinsen.eth.link/ (loaded without ipfs-companion) produces certificate validation errors in both Firefox and Chromium. User can manually bypass the error and page will load fine, but its bad UX.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

lidel picture lidel  Â·  3Comments

skyzyx picture skyzyx  Â·  3Comments

lidel picture lidel  Â·  3Comments

lidel picture lidel  Â·  5Comments

djdv picture djdv  Â·  3Comments