Secure content and static web sites

jkirby · October 11, 2023, 4:14pm

I have a static web page that loads from IPFS. It has a stylesheet that is loaded. This works fine until I enable my local IPFS node. Because my local IPFS node is insecure, the page fails to load the CSS file. These files are pinned on my gateway node, that is secure.

Everything works as long as I do not have my local node running. The easy solution is to paste the CSS code directly into the web HTML file. But that makes for a messy code. I also want to move lots of JS code to separate .js files that may have the same issue.

For many users, this is not a problem, but for users who are running their insecure nodes, it presents a problem.

Here is a page that works if it is not passing through your local IPFS node:

Any thoughts?

jkirby · October 11, 2023, 5:59pm

I figured it out:

<link
  rel="stylesheet"
  crossorigin="anonymous"
  integrity="sha384-{hash}"
  href="IPFS URL">

You have to use openssl to generate the hash:

openssl dgst -sha384 -binary style.css | openssl base64 -A

jkirby · October 11, 2023, 6:13pm

What is funny is because the files are in IPFS, the cross-origin integrity check is redundant

Topic		Replies	Views
Images or CSS in IPFS pages are not rendered and time out IPFS	0	204	January 24, 2023
Static Website Displays As Code (SOLVED) Help	0	317	May 12, 2019
LAMP - Linux, Apache, MySQL, PHP / Python (Wordpress) Ecosystem	1	428	May 15, 2021
Setting up a static HTML that connects to ipfs and resolves hash Help js-ipfs	9	1793	November 28, 2017
IPFS Local Node Hosting and Security	3	388	March 2, 2021

Secure content and static web sites

Related topics