MIME sniffing could be potentially dangerous on the gateway

[mitar]

Web history is full of security issues when browsers did MIME sniffing to "fix" broken MIME types returning by servers.

• http://www.adambarth.com/papers/2009/barth-caballero-song.pdf
• http://www.h-online.com/security/features/Risky-MIME-sniffing-in-Internet-Explorer-746229.html

Now if seems that IPFS is doing the same. I think this is very problematic if we want to host whole web applications on top of IPFS. I think there should be a way to at least set a fixed MIME type, or even add headers like X-Content-Type-Options: nosniff.

One other option could be that MIME type would be resolved at the adding the file to the IPFS. Not at the gateway sending time. So user could check and verify what is the MIME type detected, and then override that if necessary.

See also:

• Need more support mime-types. kubo#2164
• Gateway content-type response header ipfs-inactive/faq#224

[jbenet]

I think there should be a way to at least set a fixed MIME type, or even add headers like X-Content-Type-Options: nosniff.

very much agreed.

Ideally the MIME can be on the unixfs file and read from there

[jbenet]

One other option could be that MIME type would be resolved at the adding the file to the IPFS. Not at the gateway sending time. So user could check and verify what is the MIME type detected, and then override that if necessary.

yeah exactly

[mitar]

Probably MIME should then also be part of metadata which gets hashed together with content. So the same content but different MIME would be a different address.

[raslyon]

@mitar saving the data with MIME in the metadata and does giving it a new hash will lead to unnecessary overhead for the same data with different MIME headers. That is: a node will have to save multiple copies of the same data just to serve the different MIME headers of the file. It is cheaper not to put the MIME header as part of the hash. Does a node will have to save only one set of data but be able to serve it for files with different MIME headers.

[mitar]

@raslyon? What? First, why would you serve the same data as multiple MIME types I do not understand. What would be the use case here? But in any case, IPFS is build around DAGs, content blocks can be separate from metadata data, so there is no reason why content would have to be stored as multiple copies.

To really address your use case, I think the best solution is that you can also store the file using metadata which lists all potential MIME types under which the file can be served. Again, the issue is not that a file should not have different MIME types, but that we should not try to be smart and guess the MIME type, especially not in a way that it is not controllable. (So better to guess it add adding time, then serving time.)

[raslyon]

@mitar thanks i now understand your point. I think my former understanding of your point was incorrect.