|
| 1 | +--- |
| 2 | +title: Addressing in Browsers |
| 3 | +menu: |
| 4 | + guides: |
| 5 | + parent: guides |
| 6 | +weight: 2 |
| 7 | +--- |
| 8 | + |
| 9 | +<!-- |
| 10 | +Based on the existing spec at: |
| 11 | +https://github.com/ipfs/in-web-browsers/blob/2896b7a642011bc92493971232b146e04c9a889c/ADDRESSING.md |
| 12 | +
|
| 13 | +Note there are pending tasks to update/extend spec: |
| 14 | +https://github.com/ipfs/in-web-browsers/issues/147 |
| 15 | +--> |
| 16 | + |
| 17 | +This document is a guide on how to address IPFS content paths on the web. |
| 18 | + |
| 19 | +## HTTP Gateways |
| 20 | + |
| 21 | +Gateways are provided strictly for convenience to help tools that speak HTTP but do not speak distributed protocols such as IPFS. They are the first stage on the upgrade path for the web. |
| 22 | + |
| 23 | +### Centralization Concerns |
| 24 | + |
| 25 | +HTTP Gateways has been working well since 2015 but comes with a significant set of limitations related to the centralized nature of HTTP and some of its semantics. Location-based addressing of a gateway depends on both DNS and HTTPS/TLS, which relies on the trust in Certificate Authorities and PKI. In the long term these issues should be mitigated by use of opportunistic protocol upgrade schemes. |
| 26 | + |
| 27 | +### Protocol Upgrade |
| 28 | + |
| 29 | +Tools and browser extensions SHOULD detect IPFS content paths and resolve them directly over IPFS protocol and use HTTP gateway ONLY as a fallback when no native implementation is available to ensure a smooth, backward-compatible transition. |
| 30 | + |
| 31 | +### Gateway Types |
| 32 | + |
| 33 | +#### Path Gateway |
| 34 | + |
| 35 | +In the most basic scheme an URL path used for content addressing is effectively a resource name without a canonical location. HTTP server provides the location part, which makes it possible for browsers to interpret IPFS content path as relative to the current server and just work without a need for any conversion: |
| 36 | + |
| 37 | +``` |
| 38 | +https://<gateway-host>.tld/ipfs/<cid>/path/to/resource |
| 39 | +https://<gateway-host>.tld/ipns/<ipnsid_or_dnslink>/path/to/resource |
| 40 | +``` |
| 41 | + |
| 42 | + |
| 43 | +<aside class="alert alert-info"> |
| 44 | + In this scheme all pages share a <a href="https://en.wikipedia.org/wiki/Same-origin_policy" target="_blank">single Origin <i class="fas fa-external-link-square-alt fa-sm"></i></a>, which means this type of gateway should be used when site isolation does not matter. |
| 45 | +</aside> |
| 46 | + |
| 47 | +Examples: |
| 48 | + |
| 49 | +``` |
| 50 | +https://ipfs.io/ipfs/bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/wiki/Vincent_van_Gogh.html |
| 51 | +https://ipfs.io/ipfs/QmT5NvUtoM5nWFfrQdVrFtvGfKFmG7AHE8P34isapyhCxX/wiki/Mars.html |
| 52 | +https://ipfs.io/ipns/tr.wikipedia-on-ipfs.org/wiki/Anasayfa.html |
| 53 | +``` |
| 54 | + |
| 55 | +#### Subdomain Gateway |
| 56 | + |
| 57 | +When [origin-based security](https://en.wikipedia.org/wiki/Same-origin_policy) perimeter is needed, [CIDv1](https://github.com/ipld/cid#cidv1) in Base32 ([RFC4648](https://tools.ietf.org/html/rfc4648#section-6), no padding) should be used in subdomain: |
| 58 | + |
| 59 | + https://<cidv1-base32>.ipfs.<gateway-host>.tld/path/to/resource |
| 60 | + |
| 61 | +Example: |
| 62 | + |
| 63 | + https://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq.ipfs.dweb.link/wiki/ |
| 64 | + https://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq.ipfs.cf-ipfs.com/wiki/Vincent_van_Gogh.html |
| 65 | + |
| 66 | + |
| 67 | +<aside class="alert alert-info"> |
| 68 | + Right now this type of gateway requires additional configuration (<a href="https://github.com/ipfs/infra/issues/81#issuecomment-461045160" target="_blank">example for Nginx <i class="fas fa-external-link-square-alt fa-sm"></i></a>), there is an ongoing work to <a href="https://github.com/ipfs/go-ipfs/issues/5982" target="_blank">add native support in IPFS daemon <i class="fas fa-external-link-square-alt fa-sm"></i></a>. |
| 69 | +</aside> |
| 70 | + |
| 71 | +#### DNSLink Gateway |
| 72 | + |
| 73 | +Gateway provided by IPFS daemon understands `Host:` header present in HTTP requests and will check if [DNSLink](/guides/concepts/dnslink) for specified [domain name](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) exists. |
| 74 | +If DNSLink is present, gateway will return content from a path resolved via DNS TXT record. |
| 75 | +This type of gateway provides full [Origin isolation](https://en.wikipedia.org/wiki/Same-origin_policy). |
| 76 | + |
| 77 | +Example: https://docs.ipfs.io (this website) |
| 78 | + |
| 79 | +For a more complete DNSLink guide, including tutorials, usage examples and FAQs, check out [dnslink.io](https://dnslink.io). |
| 80 | + |
| 81 | + |
| 82 | +--- |
| 83 | + |
| 84 | +## Native URLs |
| 85 | + |
| 86 | +Subdomain convention can be replaced with a native handler. The IPFS URL protocol scheme follows the same requirement of case-insensitive CIDv1 in Base32 as subdomains: |
| 87 | + |
| 88 | +``` |
| 89 | +ipfs://{cidv1b32}/path/to/resource |
| 90 | +``` |
| 91 | + |
| 92 | + |
| 93 | + |
| 94 | +IPFS URL does not retain original path, but instead requires a conversion step to/from URI representation: |
| 95 | + |
| 96 | +> `ipfs://{immutable-root}/path/to/resourceA` → `/ipfs/{immutable-root}/path/to/resourceA` |
| 97 | +> `ipns://{mutable-root}/path/to/resourceB` → `/ipns/{mutable-root}/path/to/resourceB` |
| 98 | +
|
| 99 | +The first element after double slash is an opaque identifier representing the content root. It is interpreted as an authority component used for Origin calculation, which provides necessary isolation between security contexts of different content trees. |
| 100 | + |
| 101 | +Example: |
| 102 | + |
| 103 | +``` |
| 104 | +ipfs://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/wiki/Vincent_van_Gogh.html |
| 105 | +``` |
| 106 | + |
| 107 | + |
| 108 | +<aside class="alert alert-info"> |
| 109 | + Support for case-insensitive IPNS roots is a <a href="https://github.com/ipfs/go-ipfs/issues/5287" target="_blank">work in progress <i class="fas fa-external-link-square-alt fa-sm"></i></a>. |
| 110 | +</aside> |
| 111 | + |
| 112 | +--- |
| 113 | + |
| 114 | +## References |
| 115 | + |
| 116 | + |
| 117 | +### Technical SPEC for Implementers |
| 118 | + |
| 119 | +The best and up-to-date source of truth about IPFS addressing can be found in [ADDRESSING.md](https://github.com/ipfs/in-web-browsers/blob/master/ADDRESSING.md). |
| 120 | + |
| 121 | +### Background on Address Scheme discussions |
| 122 | + |
| 123 | +The discussions around IPFS addressing has been going on since @jbenet published the [IPFS whitepaper](https://ipfs.io/ipfs/QmR7GSQM93Cx5eAg6a6yRzNde1FQv7uL6X1o4k7zrJa3LX/ipfs.draft3.pdf), with a number of other approaches being proposed. That design discussion has been going on for a long time, with many lengthy discussions in GitHub issues. A good summary can be found in [this PR <i class="fas fa-external-link-square-alt fa-sm"></i></a>](https://github.com/ipfs/specs/pull/152). |
| 124 | + |
| 125 | +### Future: shared DWEB namespace |
| 126 | + |
| 127 | +DWeb community is exploring the idea of a shared `dweb` namespace to remove the complexity of addressing IPFS and other content-addressed protocols. Currently investigated approaches: |
| 128 | + |
| 129 | +- `dweb://` protocol handler ([arewedistributedyet/issues/28](https://github.com/arewedistributedyet/arewedistributedyet/issues/28)) |
| 130 | +- `.dweb` special-use top-level domain name ([arewedistributedyet/issues/34](https://github.com/arewedistributedyet/arewedistributedyet/issues/34)) |
0 commit comments