galaxyxone / openlinks

A simple CMS to generate and deploy a personalized webpage on IPFS
MIT License

Check for this #93

Closed noryev closed 2 years ago

noryev commented 2 years ago

Gateway man-in-the-middle vulnerability

Employing a public or private HTTP gateway sacrifices end-to-end cryptographic validation of the delivery of the correct content. Consider the case of a browser fetching content with the URL https://ExampleGateway.com/ipfs/{cid}. A compromised ExampleGateway.com provides man-in-the-middle vulnerabilities, including:

- Substituting false content in place of the actual content retrieved via the CID.
- Diverting a copy of the query and response, as well as the IP address of the querying browser, to a third party.

A compromised writable gateway may inject falsified content into the IPFS network, returning a CID which the user believes to refer to the true content. For example:

1. Alice posts a balance of 123.54 to a compromised writable gateway.
2. The gateway is currently storing a balance of 0.00, so it returns the CID of the falsified content to Alice.
3. Alice gives the falsified content CID to Bob.
4. Bob fetches the content with this CID and cryptographically validates the balance of 0.00.

To partially address this exposure, you may wish to use the public gateway cf-ipfs.com as an independent, trusted reference with both same-origin policy and CORS support.


noryev commented 2 years ago

[image: OpenLinksLogoMainClear]

noryev commented 2 years ago

[screenshot: Screen Shot 2022-10-05 at 10 36 35 PM]