Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wss:// gets redirected to IPNS #469

Closed
mkg20001 opened this issue Apr 29, 2018 · 5 comments
Closed

wss:// gets redirected to IPNS #469

mkg20001 opened this issue Apr 29, 2018 · 5 comments
Assignees
@lidel
Labels
kind/bug A bug in existing code (including security flaws)

Comments

@mkg20001
Copy link

mkg20001 commented Apr 29, 2018
edited
Loading

When accessing https://libp2p-nodetrust.tk/demo it gets properly redirected to http://127.0.0.1:8080/ipns/libp2p-nodetrust.tk/demo/
When launching the demo it connects to wss://libp2p-nodetrust.tk which should not be redirected, yet it gets redirected to http://127.0.0.1:8080/ipns/libp2p-nodetrust.tk/demo/ which breaks the demo

Fix: Detect and don't modify websocket requests
@lidel lidel added the kind/bug A bug in existing code (including security flaws) label Apr 30, 2018
@lidel
Copy link
Member

lidel commented Apr 30, 2018

Thank you for reporting this.
Just to confirm, does it happen only when dnslink experiment is enabled?

screenshot_5

@mkg20001
Copy link
Author

mkg20001 commented May 1, 2018

Just tested it, the results look weird. i'll retest it on a clean firefox profile again.

| -                 | ff  | chrome |
|-------------------|-----|--------|
| with dnslink      | [ ] | [x]    |
| without dnslink   | [ ] | [x]    |
| without companion |     | [x]    |

@mkg20001
Copy link
Author

mkg20001 commented May 1, 2018

On the nightly indeed everything seems to work...

| -                 | ff  | chrome |
|-------------------|-----|--------|
| with dnslink      | [x] | [x]    |
| without dnslink   | [x] | [x]    |
| without companion | [x] | [x]    |

lidel added a commit that referenced this issue May 2, 2018
@lidel
Skip HTTP GET of websocket handshake
8176948 
Closes #469
@lidel
Copy link
Member

lidel commented May 2, 2018
edited
Loading

I was able to replicate it yesterday with Firefox 59, but only when dnslink was enabled.
@mkg20001 did you change the web app by any chance? I am no longer able to replicate the bug today – page seems to work file with and without dnslink.

Anyway, some plausible explanations:

  • The extension was breaking the WSS in by replacing initial HTTP GET that was supposed to end with 101 Switching Protocols (upgrade to websocket connection) with a plain HTTP 307 redirect to IPNS page at localhost (I am low key assuming your app used implicit hostname for websocket handshake here)
  • The HTML and JS loaded from IPNS was an older (broken?) version than the one at https://libp2p-nodetrust.tk/demo.
  • Upstream difference between API implementation across browser vendors. Namely the websocket protocol upgrade being handled in a different way by webRequest APIs.

I agree with general suggestion. To be on the safe side the extension should explicitly skip requests related to WSS (HTTP2IPFS gateways do not support WSS anyway). That way we will be immune to ephemeral bugs caused by browsers including/excluding websocket handshake from <all_urls> etc.

FYSA right now, both Chrome and Firefox (nightly and stable) include it in mentioned scope and pass it to both hooks:

Firefox Chrome
screenshot_1 screenshot_6

To address this, I created a PR: Skip HTTP GET of websocket handshake #472

@lidel lidel self-assigned this May 2, 2018
@lidel lidel mentioned this issue May 2, 2018
Merged
@lidel lidel closed this as completed in #472 May 2, 2018
@lidel
Copy link
Member

lidel commented May 2, 2018

@mkg20001 should be fixed in latest beta (v2.2.2.9120)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lidel lidel

Labels
kind/bug A bug in existing code (including security flaws)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lidel @mkg20001