Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read-only API calls are accepted on the gateway port #7031

Closed
MichaelMure opened this issue Mar 25, 2020 · 4 comments
Closed

Read-only API calls are accepted on the gateway port #7031

MichaelMure opened this issue Mar 25, 2020 · 4 comments
Labels
help wanted Seeking public contribution on this issue kind/enhancement A net-new feature or improvement to an existing feature P2 Medium: Good to have, but can wait until someone steps up

Comments

@MichaelMure
Copy link
Contributor

Version information:

0.4.23 and master

Description:

$ ipfs daemon &
...
API server listening on /ip4/127.0.0.1/tcp/5001
Gateway (readonly) server listening on /ip4/127.0.0.1/tcp/8080

$ curl 127.0.0.1:8080/api/v0/version
{"Version":"0.5.0-dev","Commit":"be505da39","Repo":"9","System":"amd64/linux","Golang":"go1.14"}

$ curl 127.0.0.1:8080/api/v0/ls?arg=QmUyqSdF5V5pSDmwDHmyAU42xojqu5RuD59KRaa6WvxCm7
{"Objects":[{"Hash":"QmUyqSdF5V5pSDmwDHmyAU42xojqu5RuD59KRaa6WvxCm7","Links":[]}]}

Excerpt of the config:

  "Addresses": {
    "API": "/ip4/127.0.0.1/tcp/5001",
    "Announce": [],
    "Gateway": "/ip4/127.0.0.1/tcp/8080",
    "NoAnnounce": [],
    "Swarm": [
      "/ip4/0.0.0.0/tcp/4002",
      "/ip6/::/tcp/4002"
    ]
  },

Digging further this seems to be intentional (#1389) but is this really something that should be kept ? What about a config to disable this behavior ?
@MichaelMure MichaelMure added the kind/bug A bug in existing code (including security flaws) label Mar 25, 2020
@Stebalien Stebalien added kind/enhancement A net-new feature or improvement to an existing feature and removed kind/bug A bug in existing code (including security flaws) labels Mar 25, 2020
@Stebalien
Copy link
Member

This is a feature. It allows DAPPs served from a gateway to make read-only requests against the daemon. We can make it optional if it's an issue.

What's your motivation for disabling it?

@hsanjuan hsanjuan added the need/author-input Needs input from the original author label Mar 26, 2020
@MichaelMure
Copy link
Contributor Author

No necessarily an issue for Infura as we filter those in our reverse proxy but that's a surprising behavior (I had no idea even though I followed IPFS for a long time).

The idea of making it configurable is twofold:

  • it allows gateway operator to disable the behavior if they don't want it
  • it raises the awareness about this by being part of heavily read part of the documentation

Feel free to dismiss this issue, it's just a sort of feedback.

@hsanjuan hsanjuan added help wanted Seeking public contribution on this issue P2 Medium: Good to have, but can wait until someone steps up and removed need/author-input Needs input from the original author labels Mar 27, 2020
@hsanjuan
Copy link
Contributor

Thanks, I suppose we can accept contributions to make this configurable (and document the behaviour).

@lidel
Copy link
Member

lidel commented Mar 21, 2024

Removed in #10352

@lidel lidel closed this as completed Mar 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Seeking public contribution on this issue kind/enhancement A net-new feature or improvement to an existing feature P2 Medium: Good to have, but can wait until someone steps up
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lidel @MichaelMure @Stebalien @hsanjuan