Open MicahZoltu opened 5 months ago
Thanks @milahu this sounds like a good feature to have, the reason it doesn't have it today is because not all gateways support subdomain gateways. The default gateway does, but that's not the norm. I think we can implement a simple check to validate if the server supports subdomain gatways and then generate those links.
I'll mark this as a backlog item.
Describe the bug When you right click on a file in Files and choose "Share Link" you are given a URL like
https://<host>/ipfs/<cid>
. This should be of the formhttps://<cid>.ipfs.<host>
for security reasons.To Reproduce Steps to reproduce the behavior:
Expected behavior Subdomain routing is always used.
Additional context Path routing is known to be insecure for websites that use cookies, local storage, etc. This is well documented in the IPFS documentation and the documentation and security experts all recommend using subdomain routing whenever possible (which is almost always possible). These share links are encouraging people to share URLs that are insecure by default, and we should instead be using subdomain by default.