Control how content origin is determined #6
Comments
notes to self Origin
An
Suborigin
Secure contexts
Related to origin but a separate issue, it would be appropriate to flag content-addressed files as a Secure Context, as their content can be validated from their address, an essential property of content-addressing. The browser would have to trust that the provider (e.g. ipfs daemon) has ensured that the content received was valid before passing it on. Without the blessing of a SecureContext, content loaded via new protocols doesn't get access to new APIs like WebCrypto #8, and going forwards, Firefox is demanding SecureContexts for all new APIs: https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere/
Initial draft was merged with #17, some remaining questions extracted from that PR:
Suborigins:
Programmable Origin:
Content addressing replaces the notion of a content "origin" with trustless, p2p integrity checking, so you can reliably fetch content from any and all peers that have it. Domains as the content origin are a core assumption used in the browser security model. We need to define how Origin should be calculated for originless content-addressed URIs. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1271553#c47
Sub origin Suborigins ipfs/in-web-browsers#66