Add dweb.link to publicsuffix.org
lidel opened this issue · comments
Parent issues: https://github.com/ipfs/ipfs/issues/337, ipfs/in-web-browsers#89
cc #391, #81, ipfs/kubo#5982, ipfs/ipfs-companion#527, @mburns, @lgierth, @Stebalien
Context
As noted in #81, we will be setting up cid-in-subdomain proxying at <cidv1b32>.ipfs.dweb.link
I believe getting it right means adding it to The Public Suffix List (publicsuffix.org), to ensure websites loaded via dweb.link gateway can't interfere with each other's cookies.
Proposal
Changes I want to submit in a PR to publicsuffix/list are in lidel/list#dweb.link branch:
Add public suffix entries for dweb.link
Anyone can effectively create the following subdomains by adding content to IPFS:
*.ipfs.dweb.link (eg: bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq.ipfs.dweb.link)
Other protocols will be supported in the future, for example:
*.dat.dweb.link (eg: 778f8d955175c92e4ced5e4f5563f69bfec0c86cc6f670352c457943666fe639.dat.dweb.link)
To ensure websites loaded via dweb.link gateway can't interfere with each other's cookies,
I suggest adding the following public suffix record:*.dweb.link
Tasks
Based on https://github.com/publicsuffix/list/wiki/Guidelines#submitting-amendments I've split this endeavor into small subtasks:
- Fork publicsuffix/list and add suffix for
*.dweb.link
- Someone from infra team reviews proposed change to publicsuffix.org and confirms
noc@
email listed there is valid for this use (just add comment in this issue).[..] make sure that the email you listed in the pull request is valid, as we may use it for validation or private follow ups.
- We need to make
http://<cidv1b32>.ipfs.dweb.link
work (this should return wikipedia, right now returns 404):When submitting private domains, provide expected input/output to help us validate the correctness of the request
- PR against publicsuffix/list and writes down the PR number
- Done in publicsuffix/list#766
- Infra team adds DNS TXT record to authorize the PR number created in the previous step (details)
$ dig TXT _psl.dweb.link https://github.com/publicsuffix/list/pull/<TBD>
- update the PR marking it ready for review and we wait for it to be approved
I've actually got this ball rolling already: publicsuffix/list#766
Happy to tweak my PR to match yours (apex + subdomains vs your use of wildcard, etc)
@mburns 🤦♂️ I probably made a typo in search and that is why I did not found already existing PR – sorry!
I am closing this in favour of #83 (comment)
ps. If we swap subdomains with wildcard it will save us time waiting for another PR when we want to add a gateway for dat
or something else – but its up to you :)