You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've created a fork of this extension with some enhancements:
The extension now retrieves the webpage's CID from an IPFS gateway and performs a SHA256 hash on both the served browser content and the fetched content. If they match, the webpage's content is verified.
I've incorporated the use of Helia's trustless gateway for client-side verifications on the gateway-delivered content. This ensures the content remains unchanged and authentic, addressing potential manipulation on the gateway's side. Currently, no mainstream trustless IPFS gateways are released for production use. The version I'm using is designed for developers to explore new features before the official release, which has been ongoing since October. I'm resolving issues related to importing their libraries in the extension, considering the browser's security concerns due to library redirects. Once resolved, this version should be ready.
Currently, the extension is configured for use on the fleek.xyz website. For production, we can link it to our NFA database later and apply filters to all NFA domains. (Check out NFAs)
One uncertainty I have about this approach is dealing with situations where a JS script modifies the webpage after the verification checks. There seems to be no direct method to validate the altered webpage content post-modification.
Hello!
I've created a fork of this extension with some enhancements:
The extension now retrieves the webpage's CID from an IPFS gateway and performs a SHA256 hash on both the served browser content and the fetched content. If they match, the webpage's content is verified.
I've incorporated the use of Helia's trustless gateway for client-side verifications on the gateway-delivered content. This ensures the content remains unchanged and authentic, addressing potential manipulation on the gateway's side. Currently, no mainstream trustless IPFS gateways are released for production use. The version I'm using is designed for developers to explore new features before the official release, which has been ongoing since October. I'm resolving issues related to importing their libraries in the extension, considering the browser's security concerns due to library redirects. Once resolved, this version should be ready.
You can find the repository at: https://github.com/EmperorOrokuSaki/trustless-ipfs-verifier (This is not a GitHub fork; I created a separate repo for more control, still preserving dev commits from the original repo.)
Currently, the extension is configured for use on the fleek.xyz website. For production, we can link it to our NFA database later and apply filters to all NFA domains. (Check out NFAs)
One uncertainty I have about this approach is dealing with situations where a JS script modifies the webpage after the verification checks. There seems to be no direct method to validate the altered webpage content post-modification.
Here are some related documents for reference:
Feel free to explore the repository and provide feedback or suggestions.
The text was updated successfully, but these errors were encountered: