Secure content and static web sites

jkirby · October 11, 2023, 4:14pm

I have a static web page that loads from IPFS. It has a stylesheet that is loaded. This works fine until I enable my local IPFS node. Because my local IPFS node is insecure, the page fails to load the CSS file. These files are pinned on my gateway node, that is secure.

Everything works as long as I do not have my local node running. The easy solution is to paste the CSS code directly into the web HTML file. But that makes for a messy code. I also want to move lots of JS code to separate .js files that may have the same issue.

For many users, this is not a problem, but for users who are running their insecure nodes, it presents a problem.

Here is a page that works if it is not passing through your local IPFS node:

Any thoughts?

jkirby · October 11, 2023, 5:59pm

I figured it out:

<link
  rel="stylesheet"
  crossorigin="anonymous"
  integrity="sha384-{hash}"
  href="IPFS URL">

You have to use openssl to generate the hash:

openssl dgst -sha384 -binary style.css | openssl base64 -A

jkirby · October 11, 2023, 6:13pm

What is funny is because the files are in IPFS, the cross-origin integrity check is redundant

Topic		Replies	Views
Images or CSS in IPFS pages are not rendered and time out IPFS	0	164	January 24, 2023
Static Website Displays As Code (SOLVED) Help	0	285	May 12, 2019
LAMP - Linux, Apache, MySQL, PHP / Python (Wordpress) Ecosystem	1	389	May 15, 2021
Setting up a static HTML that connects to ipfs and resolves hash Help js-ipfs	9	1747	November 28, 2017
Is it possible to use the IPFS-JS code to securely fetch third party code? Ecosystem	2	749	October 13, 2017

Secure content and static web sites

Related Topics