Support explicit whitelist of exposed APIs #29

lidel · 2018-05-23T16:55:27Z

There are contexts in which we don't want to expose sensitive APIs such as name.publish or config.

For now we can throw an error in pre hook provided to createProxyServer , but ideally only whitelisted APIs should be exposed via window.ipfs.
(optional, nice to have) We should add a method window.ipfs.availableApis which just exposes a list of available function names.

The text was updated successfully, but these errors were encountered:

lidel mentioned this issue May 23, 2018

Improving security of window.ipfs (low hanging fruits) ipfs/ipfs-companion#484

Merged

lidel mentioned this issue Jun 4, 2018

Refine security and UX constraints for window.ipfs ipfs/ipfs-companion#454

Closed

12 tasks

Provide feedback