Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update ipfs deps #1899

Merged
merged 7 commits into from
Jan 21, 2022
Merged

chore: update ipfs deps #1899

merged 7 commits into from
Jan 21, 2022

Conversation

hacdias
Copy link
Member

@hacdias hacdias commented Sep 2, 2021

Depends on #1895.

License: MIT
Signed-off-by: Henrique Dias hacdias@gmail.com

@hacdias hacdias changed the base branch from main to chore/update-dependencies September 2, 2021 13:48
@hacdias
Copy link
Member Author

hacdias commented Sep 2, 2021

@lidel after upgrading the IPFS-related dependencies, now I get a 403 error whenever we try to call ipfs.id() unless I add * to the Access-Control-Allow-Origin API's field in the daemon settings. This seems quite odd as we're not in a browser environment. Were there any security-related changes on the HTTP Client or ipfsd-ctl that may have caused this?

This was referenced Sep 6, 2021
Closed
Closed
@lidel lidel changed the title update basic deps chore: update ipfs deps Sep 6, 2021
Base automatically changed from chore/update-dependencies to main September 6, 2021 14:26
lidel
lidel requested changes Sep 6, 2021
View reviewed changes
Copy link
Member

@lidel lidel left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I rebased this PR on top of main which already included all the other updates)

@hacdias no idea what changed – perhaps some fetch polyfill deep inside on dependencies? I've seen some dark arts happening around ipfs/js-ipfs-utils#136 👻

Setting Access-Control-Allow-Origin is a security risk, we need to find a proper fix.

@lidel
Copy link
Member

lidel commented Sep 7, 2021
edited

@achingbrain does this look familiar? Did anything land in js-ipfs-http-client (or its deps) that could change the way fetch works?

@achingbrain
Copy link
Member

@lidel nothing springs immediately to mind & we're running ipfs-http-client tests against go-ipfs@0.9.1 in CI, same as the deps here.

ipfs/js-ipfs-utils#136 is just to stop using the undocumented npm:some-module dep version override style in favour of a tarball so codepen-style environments can use it. We need node-fetch with node-fetch/node-fetch#1172 applied otherwise stream errors that occur during pubsub subscriptions are swallowed silently 🙄.

47.x.x to 52.x.x is quite a big jump though, could you step through each version to find out which one stopped working?

@hacdias
Copy link
Member Author

hacdias commented Sep 10, 2021
edited

@achingbrain upgrading from 47.x to 48.x seems to create the issue. I wonder if it is related to ipfs/js-ipfs#3275

It seems there's an header 'Origin' with the value 'null' being sent. Shouldn't it just be omitted? (Adding 'null' to the allowed origins works, but setting the mode to no-cors does not work)

image

hacdias and others added 3 commits December 17, 2021 13:19
@hacdias
update basic deps
ec80120 
License: MIT
Signed-off-by: Henrique Dias <hacdias@gmail.com>
@hacdias
chore: update ipfs deps
31ee1e9 
License: MIT
Signed-off-by: Henrique Dias <hacdias@gmail.com>
@lidel @hacdias
chore: ipfs-http-client and electron-notarize
a2e8917
@hacdias
Copy link
Member Author

hacdias commented Dec 17, 2021

@lidel seems that removing our old CORS logic for IPFS Desktop solves the issue successfully. Could you please take a look at this PR?

(PS: I could not run the tests locally - electron-userland/spectron#929 - gotta work on #1937)

@hacdias hacdias marked this pull request as ready for review December 17, 2021 13:06
@hacdias hacdias requested a review from lidel December 17, 2021 13:13
@hacdias hacdias added this to In Review in Maintenance Priorities - JS via automation Dec 17, 2021
@lidel
chore: remove deprecated i18next-node-fs-backend
2f39dd2 
We already use i18next-fs-backend
lidel
lidel approved these changes Dec 17, 2021
View reviewed changes
Copy link
Member

@lidel lidel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but will merge after I'm back in January :)

src/daemon/daemon.js Outdated Show resolved Hide resolved
src/webui/index.js Show resolved Hide resolved
src/webui/index.js Show resolved Hide resolved
@hacdias hacdias mentioned this pull request Jan 3, 2022
Closed
@hacdias
check for ECONNREFUSED too
34627f4 
License: MIT
Signed-off-by: Henrique Dias <hacdias@gmail.com>
@hacdias

This comment has been minimized.

Sign in to view
@hacdias hacdias moved this from In Review to In Progress in Maintenance Priorities - JS Jan 7, 2022
@hacdias hacdias moved this from In Progress to In Review in Maintenance Priorities - JS Jan 7, 2022
@lidel lidel merged commit a246daa into main Jan 21, 2022
Maintenance Priorities - JS automation moved this from In Review to Done Jan 21, 2022
@lidel lidel deleted the chore/update-ipfs-deps branch January 21, 2022 01:26
@lidel lidel mentioned this pull request Jan 21, 2022
Merged
3 tasks
lidel added a commit that referenced this pull request Jan 21, 2022
@lidel
fix: correctly remove $IPFS_PATH/api file
1f4846e 
This fixes regression introduced by #1899
lidel added a commit that referenced this pull request Jan 21, 2022
@lidel
chore: smaller dep updates (#1959)
3b13847 
* chore: smaller dep updates
* fix: correctly remove $IPFS_PATH/api file

This fixes regression introduced by #1899
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lidel lidel lidel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
IP JS (PL EngRes) v2
Archived in project
Maintenance Priorities - JS
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hacdias @lidel @achingbrain