[FFmpeg-devel] [PATCH] ipfsgateway: Remove default gateway
Timo Rothenpieler
timo at rothenpieler.org
Thu Aug 11 15:08:43 EEST 2022
On 11/08/2022 00:27, Derek Buitenhuis wrote:
> A gateway can see everything, and we should not be shipping a hardcoded
> default from a third party company; it's a security risk.
>
> Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
> ---
> libavformat/ipfsgateway.c | 11 ++++-------
> 1 file changed, 4 insertions(+), 7 deletions(-)
>
> diff --git a/libavformat/ipfsgateway.c b/libavformat/ipfsgateway.c
> index 5a5178c563..907b61b017 100644
> --- a/libavformat/ipfsgateway.c
> +++ b/libavformat/ipfsgateway.c
> @@ -240,13 +240,8 @@ static int translate_ipfs_to_http(URLContext *h, const char *uri, int flags, AVD
> ret = populate_ipfs_gateway(h);
>
> if (ret < 1) {
> - // We fallback on dweb.link (managed by Protocol Labs).
> - snprintf(c->gateway_buffer, sizeof(c->gateway_buffer), "https://dweb.link");
> -
> - av_log(h, AV_LOG_WARNING,
> - "IPFS does not appear to be running. "
> - "You’re now using the public gateway at dweb.link.\n");
> - av_log(h, AV_LOG_INFO,
> + av_log(h, AV_LOG_ERROR,
> + "IPFS does not appear to be running.\n\n"
> "Installing IPFS locally is recommended to "
> "improve performance and reliability, "
> "and not share all your activity with a single IPFS gateway.\n"
> @@ -259,6 +254,8 @@ static int translate_ipfs_to_http(URLContext *h, const char *uri, int flags, AVD
> "3. Define an $IPFS_PATH environment variable "
> "and point it to the IPFS data path "
> "- this is typically ~/.ipfs\n");
> + ret = AVERROR(EINVAL);
> + goto err;
> }
> }
>
ACK, hardcoding a public gateway is a huge NO from me.
Also in string favour of backporting this to 5.1, since it should have
never made it in there in the first place.
More information about the ffmpeg-devel
mailing list