..

关于修改ipfs的POST方式

有个需求,请求方考虑到他的架构,想通过GET请求ipfs的内容。
如:

curl -X POST "http://127.0.0.1:5001/api/v0/cat?arg=QmSsw6EcnwEiTT9c4rnAGeSENvsJMepNHmbrgi2S9bXNJr"

修改为

curl "http://127.0.0.1:5001/api/v0/cat?arg=QmSsw6EcnwEiTT9c4rnAGeSENvsJMepNHmbrgi2S9bXNJr"

然后,去看了下文档,发现说的很明白,为了安全考虑,从去年开始就禁止了GET,全部改为POST。


如下1

HTTP API: Disallow GET requests on API This commit upgrades go-ipfs-cmds and configures the commands HTTP API Handler to only allow POST/OPTIONS, disallowing GET and others in the handling of command requests in the IPFS HTTP API (where before every type of request method was handled, with GET/POST/PUT/PATCH being equivalent).

The Read-Only commands that the HTTP API attaches to the gateway endpoint will additional handled GET as they did before (but stop handling PUT,DELETEs).

By limiting the request types we address the possibility that a website accessed by a browser abuses the IPFS API by issuing GET requests to it which have no Origin or Referrer set, and are thus bypass CORS and CSRF protections.

This is a breaking change for clients that relay on GET requests against the HTTP endpoint (usually :5001). Applications integrating on top of the gateway-read-only API should still work (including cross-domain access).

ChangeLog:

POST Only

IPFS has two HTTP APIs:

  • Port 5001: http://localhost:5001/api/v0/… - the API
  • Port 8080: http://localhost:8080/api/v0/… - a read-only subset of the API, accessible via the gateway

As of this release, the main IPFS API (port 5001) will only accept POST requests. This change is necessary to tighten cross origin security in browsers.

If you’re using the go-ipfs API in your application, you may need to change GET calls to POST calls or upgrade your libraries and tools.

  • go - go-ipfs-api - v0.0.3
  • js-ipfs-http-api - v0.41.1
  • orbit-db - v0.24.0 (unreleased)

这个地方肯定是不能改了,只能让请求方写个代理,暂时解决一下。