allowInsecure: false should respect Secure Contexts

[lidel]

Problem

Setting allowInsecure: false should not be blindly blocking http://, it should not block requests to http://localhost and http://*.localhost because these are valid Secure Contexts.

This bug blocks users from using their own local gateway (ipfs desktop, kubo, rainbow).

Solution

Correctly recognize http://localhost[:port] and http://*.localhost[:port] as secure contexts.

Important

Only localhost label is marked as Secure Context, URLs with loopback 127.0.0.1 IPs are not.

Ref.

• helia/packages/block-brokers/src/trustless-gateway/utils.ts

  Line 12 in 74ccc92

  if (HTTPS.matches(ma) || (allowInsecure && HTTP.matches(ma))) {

• TLDR: Hostnames for localhost HTTP gateway in-web-browsers#109 (comment)
• W3C: https://w3c.github.io/webappsec-secure-contexts/#localhost
• IETF: https://datatracker.ietf.org/doc/html/draft-west-let-localhost-be-localhost

[2color]

According to https://www.w3.org/TR/secure-contexts/#is-origin-trustworthy is seems that 127.0.0.1 is potentially trustworthy:

If origin’s host matches one of the CIDR notations 127.0.0.0/8 or ::1/128 [RFC4632], return "Potentially Trustworthy".

[SgtPooki]

For anyone interested in taking this task on (e.g. Luca from 2024-08-01 Helia WG):

We will want to modify https://github.com/ipfs/helia/blob/74ccc92793a6d0bb4bee714d9fe4fa4183aa4ee8/packages/block-brokers/src/trustless-gateway/utils.ts#L10C17-L31 in the following ways:

1. Modify the filter so that when allowInsecure=false, a multiaddr with "127.0.0.1" as the IP still returns true. add a test
   • we could allow the entire block of 127.0.0.0/8 but shouldn't need to
2. Modify the filter so that when allowInsecure=false, a multiaddr with "localhost" as the domain still returns true. add a test
3. Modify the filter so that when allowInsecure=false, a multiaddr with a parent domain of "localhost" as the domain still returns true (e.g. example.localhost, foobar.localhost, *.localhost). add a test