IPFS Authentication Error 403 - Forbidden

nmaddp1995 · August 11, 2022, 6:42am

yeah, i try it but it still show 403 error in chrome browser

philvms · August 11, 2022, 6:42am

so I tried this in safari. Overwriting user agent appears to work. But it does not work in chrome and I suspect all chromium browsers (tried in Brave as well). so the latest go-ipfs update basically breaks all web3 applications that relies on accessing ifps through browser?

nmaddp1995 · August 11, 2022, 6:57am

I thought you guys should revert what’s just get merged or something else because it affects a lot of customer that is using this function on chrome

corentin · August 11, 2022, 7:13am

Hello, It does not work for me.
Chrome, edge or opera return ’ Refused to set unsafe header “origin” ’

philvms · August 11, 2022, 7:17am

A good workaround for now if you are still in development is using a custom user agent and replace the default in chrome

secrecys · August 11, 2022, 7:28am

In the meantime, we developed the following PHP code that we started using to overcome the issue.
This creates a PHP proxy to infura IPFS API (not the gateway - for that you need to use the new dedicated one). May be helpful to someone in the meantime.

Just point your host to the PHP location
host: “ipfs.infura.io”, to host: “mywebhostdomain/infura.php?”,

<?php

$queryString = $_SERVER['QUERY_STRING'];

$url = "https://ipfs.infura.io" . $queryString;

$user_agent = 'curl';

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);

curl_setopt($ch,CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_USERPWD, "project" . ":" . "pass");

$tmp_name = $_FILES[0]['tmp_name'];

$filename = $_FILES[0]['name'];

$type = $_FILES[0]['type'];

$args['file'] = new CurlFile($tmp_name,$type,$filename);

curl_setopt($ch, CURLOPT_POSTFIELDS, $args);

$res = curl_exec($ch);

curl_close($ch);

print($res);

?>

Ahsan_Khan · August 11, 2022, 7:48am

Postman
Sending a POST request gives SSL Error: Hostname/IP does not match certificate's altnames.
Enable SSL certificate verification can be disabled in settings which makes the API work.

Curl
adding --insecure flag makes it work.

I am not sure how to disable SSL Certificate Verification when making an API call from browser, any ideas?

secrecys · August 11, 2022, 8:17am

from chrome you can’t

traian.vila · August 11, 2022, 8:26am

Hey all,

Regarding the 403 error, as this change seems to impact lots of users that don’t have a backend we’ll revert the change for now, it should be working again in ~10 mins.

Thanks,
Traian

traian.vila · August 11, 2022, 8:50am

Everyone, so these changes were done in ipfs as a security feature for apps:

github.com/ipfs/go-ipfs-cmds

fix: allow requests from electron renderer (#201)

committed 04:40PM - 07 Sep 20 UTC

achingbrain

+16 -0

* fix: allow requests from electron renderer The Electron Renderer process ru…ns in an embedded browser window so has access to browser-native `fetch`. If this is used by `ipfs-http-client` to make requests against the HTTP API, the `User-Agent` header is set to a value that looks similar to a browser but no `Origin` or `Referer` headers are sent. The change here is to relax the user agent check to allow through requests from clients with `'Electron'` in their user agents.

We’d like to understand if there is a way to have that filtering active again or not, it would be great if you could add your thoughts. Thanks !

timmy161 · August 11, 2022, 11:02am

Thanks, everything is fine now

ahatch · August 12, 2022, 1:09am

I’m still getting an error message in Chrome when trying to run this code:

const ipfsClient = require('ipfs-http-client')
const projectId = '2DB...'
const projectSecret = 'aebb...'
const auth = 'Basic ' + Buffer.from(projectId + ':' + projectSecret).toString('base64');
const client = ipfsClient.create({
    host: 'ipfs.infura.io',
    port: 5001,
    protocol: 'https',
    headers: {
        authorization: auth,
    },
});```

Failed to load resource: the server responded with a status of 403 (Forbidden)
Could not upload Data:  HTTPError: not allowed - invalid user agent

Any suggestions?

secrecys · August 12, 2022, 10:36am

Are you sure that’s the code you’re running? Have you tried running it in incognito?

Mick_code · August 12, 2022, 12:20pm

Same here it works great since yesterday but today it’s not…

“Error project id required”

Dev chrome tool:

ipfs-http-client.js:65204 POST https://ipfs.infura.io:5001/api/v0/add?stream-channels=true 401 (Unauthorized)

philvms · August 12, 2022, 1:05pm

ahatch:

const ipfsClient = require('ipfs-http-client')
const projectId = '2DB...'
const projectSecret = 'aebb...'
const auth = 'Basic ' + Buffer.from(projectId + ':' + projectSecret).toString('base64');
const client = ipfsClient.create({
    host: 'ipfs.infura.io',
    port: 5001,
    protocol: 'https',
    headers: {
        auth

Mick you need to implement authentication now. your error indicates you haven’t done the project id properly yet.

Mick_code · August 12, 2022, 1:29pm

Hi Phil and thank you very much! I am using this github where I have this error…
Can you let me know if I can add your code and where in this script?

Again thank you

APDAN · August 12, 2022, 7:24pm

hey Mick,

Can we take a look at what you have? Any chance you can share your fork/repo?

Kind regards,
Alex | Infura Support

Sameh_Sadaqa · August 12, 2022, 7:43pm

import { create as ipfsHttpClient } from "ipfs-http-client";
.
.
.
const projectId = "....";

const projectSecret = "....";

const auth = 'Basic ' + Buffer.from(projectId + ':' + projectSecret).toString('base64');

console.log(auth)

const ipfs = ipfsHttpClient({

  host: 'ipfs.infura.io',

  port: 5001,

  protocol: 'https',

  apiPath: '/api/v0',

  headers: {

    authorization: auth,

  },

});

I’m still getting 403 error

Mick_code · August 13, 2022, 12:58am

Hi

This is the repo : https://github.com/anarkrypto/upload-files-to-ipfs-from-browser-panel

This is the demo: Upload files to IPFS from Browser

carmelo.quartarone · August 15, 2022, 7:50am

I use your ipfs service to allow my web app to upload (client side) and then pin (server side by authentication).
The new policy forces me to use the same credentials on the client size app and I can’t allow this.
My proposal is to create two login credentials, one only for the upload the other only for the pin, in this way I can
protect my pinned file archive from unauthorized account use.