-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Safelisting DWeb Protocols #23
Comments
@KenjiBaheux regarding "registering whitelisted dweb protocols": yes, safelisting dweb protocols in Chrome would be a valuable step in the right direction! With current Firefox Stable (61) the "user installs extension Foo and is able to open content from foo:// URLs" is possible thanks to:
Right now Chrome does not allow webextensions to automatically register basic redirect handler nor manually register dweb protocol without web+ prefix. Would be greeat if Chrome could follow what was done in Firefox. |
We are tracking the whitelisting of dweb protocols via navigator.registerProtocolHandler in crbug.com/651311.
|
@KenjiBaheux Thanks for the update! Without "simplified handler" the UX for registering support for a new protocol in URLs is okay for websites, but still quite bad on webextension side. Take a look at a simplified flow:
This means user has to not only install browser extension but also go over all those steps, otherwise there will be no support for new protocol. Still, even With the very thin sugar-coating provided by webextension's manifest.json/protocol_handlers UX is much better:
|
In an effort to get this off the ground opened issue for changing WHATWG HTML Spec to include DWeb protocols on the "safelist": whatwg/html#3935 On the vendor side "safelist" support looks like this:
|
We just posted our public intent to implement and ship additional safelisted protocols. I don't expect any major push back but feel free to voice your support and share details about what this enables for you and end-users. |
@KenjiBaheux I filled https://crbug.com/883274 (Extensions API should implement manifest.json/protocol_handlers) to address UX issues from #23 (comment). |
It would be great to have |
@agentofuser |
Tested this and it seems that Firefox 88 does not currently suppport and the whatwg/html spec change is waiting on a positive response from Mozilla
|
Yes, and Mozilla's bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1631446 |
Summary
We want dweb protocols to be available without
web+
prefix in contexts such as:navigator.registerProtocolHandler
Namely: "ssb", "dat", "ipfs", "ipns", "dweb" (comment if something else should be added to the list)
Motivation
Safelisting protocols in above contexts is an easy change and it makes it possible for community to start using non-HTTP addresses with HTTP-based gateways/readers even before native protocol handler API is introduced.
Additionally, if we have at least two vendors implementing proposed change we would have a solid case for adding them as safelisted-scheme in HTML Spec.
Tasks
navigator.registerProtocolHandler
allows handler withoutweb+
prefixnavigator.registerProtocolHandler
-like handler without user interaction (see Safelisting DWeb Protocols #23 (comment) for more context)Resources
navigator.registerProtocolHandler
The text was updated successfully, but these errors were encountered: