My IPFS files from your gateway: "Refused to connect to ..." #2143

Closed
HermesAteneo opened this issue Aug 22, 2022 · 17 comments

@HermesAteneo

HermesAteneo commented Aug 22, 2022

Our IPFS HTML files that connect to GitHub files or blockchain RPC now don't work, and this appears in the navigator:

"Refused to connect to ..."

Why?

@HermesAteneo
Author

Refused to connect to 'https://polygon-rpc.com/' because it violates the document's Content Security Policy.

¿?¿?¿? Are you a web3 and blockchain NFT provider or not?

@dchoi27
Contributor

dchoi27 commented Aug 22, 2022

Hi! We had to adjust our Content Security Policy because of the use of nftstorage.link to share malware, phish users, etc. Please note that this affects the use of nftstorage.link, and not the broader NFT.Storage storage platform. We're figuring out how to still support NFT use cases that might rely on cross-origin URLs. If you could share more about what you're trying to do, that'd be really helpful!

Some more relevant thoughts can be found here: nftstorage/nftstorage.link#175 (comment)

@HermesAteneo
Author

HermesAteneo commented Aug 22, 2022

Hi David,

We are using your IPFS service to host a gateway of our web3 project NFCA

This is the repository of the NFCA gateway.

As you can see, it connects to a GitHub raw to know version updates and it connects to Polygon mainnet via the Ethers.js library. Nothing strange or related to malware : )

You can check a full list of all the NFCA gateways and view in action here: https://nfca.cc/documentation#Gateway-list

And here is what's happened with the ipfs.nftstorage.link gateway:

image

It is not a problem if you stay with your Security Policy; as you can see, Infura, DWeb, Fleek, Arweave and others trust it.
It only seems strange to us that your project limits the connection to GitHub or blockchains.

In our documentation we are recommending NFT.Storage for IPFS hosting. But we are sorry, if this limitation continues we will have to stop doing it.

Maybe you can find a middle way...

Thank you for your support
All the best.

@mikeal

mikeal commented Aug 22, 2022

@Gozala what do you think about whitelisting polygon and github domains?

@Gozala
Contributor

Gozala commented Aug 22, 2022

I have created a change to whitelist those hosts as a stopgap solution until we develop something more sophisticated. In the long term I would not like us to be in the position of whitelisting certain hosts across all of the NFTs, as the list of things can grow beyond HTTP header limits.

Instead I think we should:

  1. Have a default CSP header that prevents loading content from third party hosts.
  2. Have a way to override the default CSP header. In fact, in HTML you can specify CSPs via `<meta http-equiv="Content-Security-Policy">`, which we could use as a hint to override default CSP directives.
  3. Have a review mechanism for content that overrides the default CSP header that can ensure it's not an attack vector.
  4. Gate not-yet-reviewed content with a user warning that allows the user to proceed with caution (explaining what hosts the content may communicate with).
  5. Create a review automation for trusted hosts like https://polygon-rpc.com/, github etc... to reduce unnecessary inconvenience.
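
A sketch of steps 1 to 4 of the proposal above, added here as an example; it is not part of the original comment and not nftstorage.link's code. The default policy, the set of overridable directives, the function names and the sample page are all assumptions made for illustration.

```javascript
// Added example: hypothetical gateway logic, not nftstorage.link's code.
// DEFAULT_CSP, OVERRIDABLE, REVIEWED and SAMPLE_HTML are constructed values.
const DEFAULT_CSP = "default-src 'self'; connect-src 'self'";
const OVERRIDABLE = new Set(['connect-src', 'img-src']);
const REVIEWED = new Set(['https://polygon-rpc.com']);
const SAMPLE_HTML = `<html><head><meta http-equiv="Content-Security-Policy"
  content="connect-src 'self' https://polygon-rpc.com https://rpc.unreviewed.example;
           script-src 'unsafe-eval'"></head></html>`;

function parseCsp(policy) {
  const out = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !out.has(key)) out.set(key, sources); // first occurrence wins
  }
  return out;
}
// Regex extraction keeps the sketch short; a real gateway would use an HTML parser.
function metaCspHint(html) {
  const tag = /<meta\b[^>]*http-equiv\s*=\s*["']content-security-policy["'][^>]*>/i.exec(html);
  const content = tag && /content\s*=\s*"([^"]*)"/i.exec(tag[0]);
  return content ? content[1] : null;
}
// Only bare https origins can be granted; keywords, schemes and paths never are.
function httpsOrigin(source) {
  let u;
  try { u = new URL(source); } catch { return null; }
  return u.protocol === 'https:' && u.pathname === '/' ? u.origin : null;
}

function effectiveCsp(html, reviewedOrigins) {
  const policy = parseCsp(DEFAULT_CSP);
  const unreviewed = []; // requests a warning page would list for the user
  for (const [name, sources] of parseCsp(metaCspHint(html) ?? '')) {
    for (const source of sources) {
      const origin = httpsOrigin(source);
      if (origin && OVERRIDABLE.has(name) && reviewedOrigins.has(origin)) {
        // A directive absent from the default starts from its fallback, default-src.
        if (!policy.has(name)) policy.set(name, [...policy.get('default-src')]);
        if (!policy.get(name).includes(origin)) policy.get(name).push(origin);
      } else if (!(policy.get(name) ?? policy.get('default-src')).includes(source)) {
        unreviewed.push(`${name} ${source}`);
      }
    }
  }
  const header = [...policy].map(([n, s]) => [n, ...s].join(' ')).join('; ');
  return { header, unreviewed };
}
```

Calling `effectiveCsp(SAMPLE_HTML, REVIEWED)` widens `connect-src` only for the reviewed origin and returns the remaining requests in `unreviewed`, which is the information a warning page in step 4 would show.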

@Gozala
Contributor

Gozala commented Aug 22, 2022

Hey @HermesAteneo, could you please help us better understand your use case? Specifically, I'm not sure I understand why a specific NFT would need to connect to Polygon RPC. Does the NFT at hand pull new info from the blockchain to do something interesting with it? Otherwise it would seem reasonable to bundle any info with the content itself so that the guarantees of content addressing can be upheld.

@HermesAteneo
Author

hi @Gozala

NFCA (Non-Fungible Content Alias) is a new NFT concept because they are dynamic-content NFTs.
The NFCA gateway app is then a gate to the current content of each NFT.

The project has just started, but you can see an example of what our NFT collection looks like on Opensea:
https://opensea.io/collection/nfca

Our main objective is that access to the content of each NFT cannot be censored. Therefore, the more gates there are, the better. That's why we liked to also have your IPFS gateway. In addition, we are advertising you. (with pleasure because we think you do a great job)

But it is not a problem if you have a paranoid security policy, because we have a lot of gateways, and it's possible to download the gateway and have local access to the NFCA universe :)

An NFCA search engine is planned in our roadmap too: https://dalias.top

The goal is to be able to search into all uncensorable content of all NFCAs.
Like the NFCA gateway, the NFCA search engine will be a DApp that we want to upload to IPFS network too, and it will connect to Polygon and Github

@HermesAteneo
Author

HermesAteneo commented Aug 22, 2022

A practical use of our project for your case is to set a rememberable alias to the non-rememberable IPFS cid

Example:
*This example is of the NFCA development version (Fantom testnet)

The IPFS CID:
https://bafkreigblh5ognj7ti65xo4oakugnczorhvlobjmxwe3hzksz2bsn3grnq.ipfs.nftstorage.link

The NFCA: ("NFT-img-link" is the recorded alias) In the mintable version any alias can be minted as NFT. And the content of the alias can be editable at any time.

https://nfca.cc/dev/NFT-img-link

All the NFCA gateways can access any alias:

https://nfca-gate.github.io/dev/?NFT-img-link

https://gateway.on.fleek.co/dev/?NFT-img-link

https://nfca.pumpydumpy.com/dev/?NFT-img-link

https://nfca.infura-ipfs.io/ipfs/bafybeihqdnxts2clzyftywljln4ipre5gtt27auzadaxk33itvexgwogye/dev/?NFT-img-link

(NFTStorage doesn't work because of your security policy):
https://bafybeiezajzs7w7y3jigb6ka2vta3zzjultu35l2xpxznfldrsijkinxma.ipfs.nftstorage.link/dev/?NFT-img-link

We are recommending NFT.storage to our customers to save their Alias Content. But if your security policy continues, we won't be able to do it anymore :(

@dchoi27
Contributor

dchoi27 commented Aug 24, 2022

Hi - this PR https://github.com/nftstorage/nftstorage.link/pull/176/files#r951959401 allows content from

@dchoi27 dchoi27 closed this as completed Aug 24, 2022
@HermesAteneo
Author

@dchoi27

We are using your gateway. It's still blocked.
Our "development testnet" version connects to the Fantom testnet network (blocked too).

https://bafybeiezajzs7w7y3jigb6ka2vta3zzjultu35l2xpxznfldrsijkinxma.ipfs.nftstorage.link/dev/?NFT-img-link

@dchoi27
Contributor

dchoi27 commented Aug 24, 2022

Reopening. Can you verify that the Polygon and Github links work, and it's a matter of adding Fantom as well? Can you specify the domain if so?

@dchoi27 dchoi27 reopened this Aug 24, 2022
@HermesAteneo
Author

@dchoi27

Nothing works yet.
Same block for all connections including Polygon mainnet, Github and Fantom testnet.

You can see by yourself with the browser inspector (F12)

Polygon mainnet connection and github blocked:
https://bafybeiezajzs7w7y3jigb6ka2vta3zzjultu35l2xpxznfldrsijkinxma.ipfs.nftstorage.link/?NFT-img-link

Fantom testnet connection and github blocked
https://bafybeiezajzs7w7y3jigb6ka2vta3zzjultu35l2xpxznfldrsijkinxma.ipfs.nftstorage.link/dev/?NFT-img-link

@HermesAteneo
Author

HermesAteneo commented Aug 25, 2022

The last links correspond to the previous DApp, uploaded before your change.

Is it necessary to upload the DApp again to your IPFS server?

@dchoi27
Contributor

dchoi27 commented Aug 25, 2022

It has nothing to do with where the data is stored, just the gateway server. @Gozala any thoughts on why it's not working for the Polygon and Github domains?

@vasco-santos
Contributor

nftstorage/nftstorage.link#176 was not yet merged. Once merged and released this should be fixed

@vasco-santos
Contributor

@HermesAteneo can you test? Just got the fix deployed

@HermesAteneo
Author

Works for Polygon RPC, not for GitHub, not for Fantom... however, forget my petition, because our DApp loads content from other servers like Arweave, Sia Skynet, etc... and the design is broken.

We'd rather do without your gateway than deal with all these headaches.

Thanks nonetheless.
