GitLab

This upgrades to the next DHT version, but in backwards compatibility mode.

Spec says that response with 405 must set Allow headers.

This commit upgrades go-ipfs-cmds and configures the commands HTTP API Handler
to only allow POST/OPTIONS, disallowing GET and others in the handling of
command requests in the IPFS HTTP API (where before every type of request
method was handled, with GET/POST/PUT/PATCH being equivalent).

The Read-Only commands that the HTTP API attaches to the gateway endpoint will
additional handled GET as they did before (but stop handling PUT,DELETEs).

By limiting the request types we address the possibility that a website
accessed by a browser abuses the IPFS API by issuing GET requests to it which
have no Origin or Referrer set, and are thus bypass CORS and CSRF protections.

This is a breaking change for clients that relay on GET requests against the
HTTP endpoint (usually :5001). Applications integrating on top of the
gateway-read-only API should still work (including cross-domain access).
Co-Authored-By: Steven Allen <steven@stebalien.com>
Co-Authored-By: Marcin Rataj <lidel@lidel.org>

And align capitalization.

This logic collects a list of known relays by testing every new connection.

It exists so we can dial /p2p-circuit/p2p/QmFoobar addresses (circuit addresses
that don't specify the relay). However, this kind of address is useless outside
of basic demos as a random relay is practically guaranteed to not be connected
to the target peer. Picking a random relay to connect to some peer is almost
_never_ the desired behavior.

Instead of feeding through the top-level context, feed through a cancel-free
context (that still carries the same context values). Then, when the top-level
context is canceled, call `stop` to shut everything down in-order. Finally,
cancel the inner context to make sure everything has been cleaned up.

Ideally, we just wouldn't use contexts for this. But this is strictly better
than what we have.

Switches to TLS as the default security transports.

Uses the new libp2p AutoNAT option.

* Support peer IDs encoded as CIDs.
* Support looking up the identity key by peer ID.

- add the `gitignore` or `ignore options to the add command

When request is sent to http://localhost:8080/ipfs/$cid response has
HTTP 301 status code and "Location" header with redirect destination at
$cid.ipfs.localhost:8080

Redirect is followed by browsersi, but not by commandline tools.
Status 301 is ignored by curl in default mode: it will print response
and won't follow redirect, user needs to add -L for that.

To fix curl, we return correct payload in body of HTTP 301 response,
but set Clear-Site-Data header to ensure Origin sandbox can't be abused.

This requires a surgical workaround:
If Location header is present in ResponseWriter's Header map,
we ensure http.ServeContent() returns HTTP 301

Context: https://github.com/ipfs/go-ipfs/pull/6982

License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>

License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>

Instead of adding a new fake header (that could be spoofed by the client...),
just read the original request URI from the request object.

This also removes support for suborigins. They have never been implemented in
browsers and it looks like efforts have stalled. We can add support back if we
need it but, well, maintaining support was going to be more trouble than it was
worth.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>

(we're implementing an _actual_ proxy)

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>

Turns out that our CLI help text doesn't indicate whether or not a command takes
a file.

Co-Authored-By: Johnny <9611008+johnnymatthews@users.noreply.github.com>

* Adds the `--parents` optiont to the first command so that it is runnable
* Updates the description to specifies the option to use if you _do_ want nonexistant intermediate directories created

This won't fetch files from graphsync but will serve them.

fixes #6830

fixes #4318

Co-Authored-By: Moritz <13287984+mohe2015@users.noreply.github.com>

This seems like a tiny leftover.