mirror of https://github.com/ipfs/kubo.git synced 2025-12-17 07:49:24 +08:00
Commit Graph

129 Commits

Author SHA1 Message Date
Hector Sanjuan
1b490476e5 HTTP API: Disallow GET requests on API
This commit upgrades go-ipfs-cmds and configures the commands HTTP API Handler
to only allow POST/OPTIONS, disallowing GET and others in the handling of
command requests in the IPFS HTTP API (where before every type of request
method was handled, with GET/POST/PUT/PATCH being equivalent).

The Read-Only commands that the HTTP API attaches to the gateway endpoint will
additionally handle GET as they did before (but stop handling PUT, DELETEs).

By limiting the request types we address the possibility that a website
accessed by a browser abuses the IPFS API by issuing GET requests to it which
have no Origin or Referrer set, and thus bypass CORS and CSRF protections.

This is a breaking change for clients that rely on GET requests against the
HTTP endpoint (usually :5001). Applications integrating on top of the
gateway-read-only API should still work (including cross-domain access).

Co-Authored-By: Steven Allen <steven@stebalien.com>
Co-Authored-By: Marcin Rataj <lidel@lidel.org>
2020-04-05 09:57:57 +02:00
Steven Allen
a53d48059b fix: migrate from deprecated warning function 2020-01-28 21:20:21 -08:00
Steven Allen
5eea0a4ba0 http: use Method* constants
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2020-01-10 10:19:08 +01:00
Steven Allen
4924b80e10 chore: fix linter nits
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-05-14 09:38:26 -07:00
Jakub Sztandera
42e191c017 gx: unrewrite
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
2019-03-05 18:33:56 +01:00
Steven Allen
3fa1bfe1bc gx: update cmds and flatfs
fixes #6028, fixes crash when writing after closing on flatfs.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-03-01 12:17:49 -08:00
Steven Allen
f227862e88 gx: update go-ipfs-cmds, go-bitswap, go-libp2p-kad-dht, and go-mplex
Fixes the latest batch of bugs found in RC testing.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-02-27 12:39:24 -08:00
Hector Sanjuan
6972a9aa4d Gx Bubble. libp2p-6.0.38
License: MIT
Signed-off-by: Hector Sanjuan <code@hector.link>
2019-02-27 01:10:59 +00:00
Steven Allen
3c2536dd81 gx: update go-ipfs-cmds
fixes #6021

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-02-25 16:45:43 -07:00
Steven Allen
fea7ae727f gx: update go-cid
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-02-20 20:29:06 -08:00
Steven Allen
f924f57c61 gx: update go-bitswap and go-libp2p-kad-dht
* go-bitswap: fix some race conditions.
* go-libp2p-kad-dht: fix a goroutine leak.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-02-20 17:19:54 -08:00
Steven Allen
2f17b951c2 gx: update deps
* Updates go-ipfs-cmds to try to get the tests to pass on travis.
* While we're at it, fix duplicate gx deps.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-02-19 13:12:21 -08:00
Jakub Sztandera
28cf3de0f9 Update protobuf
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
2019-02-18 20:46:22 +01:00
Steven Allen
cf0d4706e2 gx: update libp2p stuff
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-02-14 14:58:35 -08:00
Steven Allen
e97a60b073 gx: update go-ipfs-files
fix compatibility issue with js-ipfs

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-02-11 10:48:58 -08:00
Steven Allen
2c93eeffc6 gx: update go-libp2p-peer
Switch _back_ to the 0.4.18 style of peer IDs while we figure things out. See
https://github.com/libp2p/specs/issues/138.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-02-07 17:41:39 -08:00
Łukasz Magiera
7c2aa0e9a9 gx: update go-unixfs to propagate archive changes
License: MIT
Signed-off-by: Łukasz Magiera <magik6k@gmail.com>
2019-01-30 20:58:32 +01:00
Łukasz Magiera
53e55e3314 gx: update go-unixfs to 1.2.14 and go-bitswap to 1.1.21
(and everything else...)

License: MIT
Signed-off-by: Łukasz Magiera <magik6k@gmail.com>
2019-01-23 11:01:38 -08:00
Hector Sanjuan
ab270fbaa7 Bubble go-ipfs-cmds 2.0.10
License: MIT
Signed-off-by: Hector Sanjuan <hector@protocol.ai>
2019-01-10 21:31:11 +01:00
Steven Allen
08cc5da55f gx: update deps
Importantly:

* fixes a bunch of MFS bugs
* pulls in some bitswap improvements

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-01-08 19:19:34 -08:00
Steven Allen
42a15ba7e4 Merge pull request #5893 from ipfs/fix/gateway-headers
gateway: fix CORs headers
2019-01-08 13:25:08 -08:00
Steven Allen
4bbf4cc9a0 gateway, api: canonicalize headers from user config
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-01-04 13:18:16 -08:00
Steven Allen
543be29796 api: let the CORs library handle CORs headers
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-01-04 11:18:24 -08:00
Łukasz Magiera
7b4ab36817 gx: update go-ipfs-config
License: MIT
Signed-off-by: Łukasz Magiera <magik6k@gmail.com>
2019-01-04 02:37:06 +01:00
Steven Allen
5894291139 gx: update go-ipfs-config
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-12-20 10:07:32 -08:00
Łukasz Magiera
0618fd77be gx: update go-ipfs-files to 2.0
License: MIT
Signed-off-by: Łukasz Magiera <magik6k@gmail.com>
2018-12-20 13:52:20 +01:00
Steven Allen
90926ca5c7 gx: update go-ipfs-cmds
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-12-12 16:35:42 -08:00
Steven Allen
9dcec2b3e2 gx: update go-libp2p-peer
Reverts the changes that allowed small keys (ed25519 keys) to be inlined.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-12-07 15:37:23 -08:00
Kevin Atkinson
feb4808975 Gx update go-merkledag and related deps.
License: MIT
Signed-off-by: Kevin Atkinson <k@kevina.org>
2018-11-28 17:21:36 -05:00
Steven Allen
cef645936d gx: update go-ipfs-config
* AutoRelay options for #5785.
* Badger truncate-by-default option for #5275, #5625.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-11-26 17:42:13 -08:00
hannahhoward
0963c9cdcb Update go-ipfs-delay and assoc deps
License: MIT
Signed-off-by: hannahhoward <hannah@hannahhoward.net>
2018-11-15 18:53:45 -08:00
Steven Allen
0d80fc54c3 gx: update go-log and sha256
fixes #5709

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-11-02 21:17:20 -07:00
Steven Allen
ec9fac7379 gx: update go-ipld-cbor
(might as well do this at the same time)

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-11-02 13:17:44 -07:00
Steven Allen
af53380e8c gx: update go-path
fixes the changed path cat error causing the js-ipfs-api tests to fail

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-10-30 09:27:41 -07:00
Hector Sanjuan
ef7234d269 Bubble deps
License: MIT
Signed-off-by: Hector Sanjuan <hector@protocol.ai>
2018-10-29 18:49:37 +01:00
Dominic Della Valle
38cae95f30 gx: update go-ipfs-cmds to 2.0.5
License: MIT
Signed-off-by: Dominic Della Valle <ddvpublic@gmail.com>
2018-10-26 19:50:32 -04:00
Steven Allen
37f0fd92c7 gx: update go-ipfs-cmds
(no code changes)

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-10-26 09:26:53 -07:00
Steven Allen
2b0bc7e084 configurable pubsub signing
I'd like to sneak this into the release so we can turn on strict verification
ASAP.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-10-26 04:00:44 -07:00
Steven Allen
e35d4ea58b gx: update yamux
(fixes a panic due to a race)

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-10-24 15:01:31 -07:00
Steven Allen
636bbc7e2b gx update go-libp2p
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-10-24 13:39:48 -07:00
Steven Allen
c97c3459be gx update
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-10-24 09:59:43 -07:00
Łukasz Magiera
59e5a9c652 gx: update to use extracted go-ipfs-files
License: MIT
Signed-off-by: Łukasz Magiera <magik6k@gmail.com>
2018-10-18 10:16:31 +02:00
Steven Allen
4f53736430 gx: update yamux and refmt
* yamux: fix memory leak.
* refmt: obey the "empty" tag.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-10-12 16:15:40 +01:00
Steven Allen
8117a2bcee gx: update go-buffer-pool
Turns out that `pool.Put(buf)` had to *allocate* because we needed to turn
`[]byte` into `interface{}`. Apparently, we've never done this correctly; we just
never noticed because we never really used buffer pools extensively.

However, since migrating yamux to a buffer-pool backed buffer, this started
showing up in allocation profiles.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-10-10 14:11:31 +01:00
Steven Allen
098933ade4 gx: update stuff
* go-datastore and friends: GetSize
* badger: new release, fewer allocations
* go-mplex: send fewer packets
* go-bitswap: pack multiple blocks in a single message, fewer allocations
* go-buffer-pool: replace the buffer pool from go-msgio
* yamux: fixed data race and uses go-buffer-pool for stream read-buffers to
  reduce memory and allocations.
* go-libp2p-secio: get rid of a hot-spot allocation
* go-libp2p-peerstore: reduced allocations (at the cost of some memory)

More?

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-10-05 14:48:44 -07:00
Kevin Atkinson
d127f1be98 gx update libp2p/go-buffer-pool
License: MIT
Signed-off-by: Kevin Atkinson <k@kevina.org>
2018-10-04 20:05:26 -04:00
Kevin Atkinson
2e975add22 gx update go-libp2p-peerstore
License: MIT
Signed-off-by: Kevin Atkinson <k@kevina.org>
2018-10-04 20:04:22 -04:00
Lars Gierth
fc2575740e gx: update go-ipfs-config, iptb
License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>
2018-10-04 20:02:42 -04:00
Lars Gierth
2c3ed7efb0 gx: update go-datastore, go-libp2p-swarm
License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>
2018-10-04 19:52:42 -04:00
Steven Allen
dac058f8be gx: update go-log go-ipld-cbor
(and friends)

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2018-09-24 05:36:29 -07:00