Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Right click upload via ipfs.util.addFromURL sometimes does not work #227

Open
lidel opened this issue Mar 26, 2017 · 4 comments
Open

Right click upload via ipfs.util.addFromURL sometimes does not work #227

lidel opened this issue Mar 26, 2017 · 4 comments
Labels
status/blocked/missing-api Blocked by missing API status/blocked/upstream-bug Blocked by upstream bugs status/ready Ready to be worked

Comments

@lidel
Copy link
Member

lidel commented Mar 26, 2017
edited
Loading

Workaround until this issue is closed

Disable tracking protection in about:config:

2017-03-26-234833_770x386_scrot

The Problem

Browserified ipfs.util.addFromURL sometimes fails with ambiguous XHR error:

2017-03-26-215536_1141x50_scrot

It does not happen when I load extension via web-ext, but does occur with my regular instance when I right click on an image from Twitter, eg. https://pbs.twimg.com/profile_banners/752196928855744512/1468173187/1500x500

Update 2017-03-27

I temporarily replaced ipfs.util.addFromURL with thin wrapper on top of manual fetch:

async function addFromURL (info) {
  // ipfs.util.addFromURL(info.srcUrl, uploadResultHandler)
  try {
    console.log('addFromURL', info)
    const response = await fetch(info.srcUrl)
    const reader = new FileReader()
    reader.onloadend = () => {
      const buffer = Buffer.from(reader.result)
      ipfs.add(buffer, uploadResultHandler)
    }
    reader.readAsArrayBuffer(await response.blob())
  } catch (error) {
    console.error('Error during addFromURL', error)
  }
}

It enabled me to see the underlying problem.
Firefox is blocking request due to... Tracking protection.

2017-03-26-225053_852x101_scrot

This quite entertaining, given the fact that the image is already in browser's cache.
I'll see if it is possible to get data directly from DOM or local cache without tripping the protection.

If someone needs a workaround for v2.0.0alpha2, disable tracking protection in about:config:

2017-03-26-234833_770x386_scrot

Update 2017-03-28

Neither fetch nor XMLHttpRequest work.

I've found Mozilla Bug #1308640, which ended with FF 54 enabling bypass of Tracking Protection when add-on has explicit permission to URL.

The <all_urls>, which is used by the add-on, is implicit so it does not work.
To make it work in FF 54 we would have to manually specify EVERY domain in existence :trollface:

Update 2017-03-30

There is an open ticket to Bug 1345158 - Implement browser.privacy.trackingProtection API. If/when it lands, we could disable protection just for the instant that is used for fetching resource requested by user and then enabling it again.
@lidel lidel added the kind/bug A bug in existing code (including security flaws) label Mar 26, 2017
@lidel lidel added this to the v2.0.0 milestone Mar 26, 2017
@lidel lidel added the UX label Mar 26, 2017
lidel added a commit that referenced this issue Mar 29, 2017
@lidel
fix(contextMenu): display help when upload fails due to Tracking Prot…
f44f564 
…ection

This is a workaround until #227 gets a proper fix.
lidel added a commit that referenced this issue May 21, 2017
@lidel
fix(wx): Origin mismatch under Chromium
bdbadd2 
Turns out workaround introduced for Firefox in #227
broke right-click "Upload to IPFS" function under Chromium ;-)

This commit adds userAgent check and enables workaround only
under Firefox, making Chromium (#218) happy.
lidel added a commit that referenced this issue May 24, 2017
@lidel
fix(wx): Origin mismatch under Chromium
0afb113 
Turns out workaround introduced for Firefox in #227
broke right-click "Upload to IPFS" function under Chromium ;-)

This commit adds userAgent check and enables workaround only
under Firefox, making Chromium (#218) happy.
@lidel lidel added the status/blocked/missing-api Blocked by missing API label Jul 22, 2017
@lidel lidel added status/blocked/upstream-bug Blocked by upstream bugs and removed kind/bug A bug in existing code (including security flaws) labels Jul 22, 2017
@lidel
Copy link
Member Author

lidel commented Aug 10, 2017
edited
Loading

Note to self:
Bug 1345158 - Implement browser.privacy.trackingProtection API will be released with Firefox 57 (src).
Usage instructions are in this comment.

@lidel
Copy link
Member Author

lidel commented Oct 12, 2017
edited
Loading

Note to self - documentation for browser.privacy.websites.trackingProtectionMode just landed:

Browser compatibility table confirms it will be available in Firefox 57.

@lidel lidel mentioned this issue Nov 27, 2017
Closed
@lidel lidel removed this from the v2.0.0 milestone Dec 2, 2017
@lidel
Copy link
Member Author

lidel commented Apr 2, 2018
edited
Loading

I was thinking about this and I really hope there will be a better way to handle this than temporarily disabling TP for the entire browser.

Added a comment with our use case to the Bug 1404610: Tracking protection should not apply on extension pages.

@lidel lidel added the status/ready Ready to be worked label Sep 22, 2018
@lidel lidel mentioned this issue Feb 4, 2021
Open
@lidel lidel mentioned this issue Apr 8, 2021
Closed
@darthnithin
Copy link

darthnithin commented Sep 25, 2021
edited
Loading

I am still getting this error even when tracking protection is disabled

@galargh galargh moved this to To do in IPFS-GUI (PL EngRes) Sep 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status/blocked/missing-api Blocked by missing API status/blocked/upstream-bug Blocked by upstream bugs status/ready Ready to be worked
Projects
No open projects
IPFS-GUI (PL EngRes)
Status: Needs Grooming
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lidel @jessicaschilling @darthnithin