This is a recommended release that adds per-gateway trust configuration for TRUSTED_GATEWAYS_URLS, enabling operators to mark individual gateways as trusted or untrusted for finer-grained data verification control. It also includes peer URL tracking in chunk broadcast responses for improved debuggability, and fixes for upstream gateway content-length validation to prevent serving bogus responses from gateways that return 200 instead of 404.
Added
-
Per-Gateway Trust Flag for
TRUSTED_GATEWAYS_URLS: Extended theTRUSTED_GATEWAYS_URLSconfiguration format to support per-gateway trust levels- Untrusted gateways only cache data when the hash matches a known value, providing defense-in-depth against serving incorrect data
- Default configuration now uses
turbo-gateway.com(trusted) witharweave.netas an untrusted fallback
-
Peer URL in Chunk Broadcast Responses: Chunk broadcast responses now include the peer URL for better debuggability when troubleshooting chunk propagation issues
Changed
- Default
TRUSTED_GATEWAYS_URLSnow usesturbo-gateway.comas the primary trusted gateway witharweave.netas an untrusted fallback
Fixed
-
Upstream Gateway Content-Length Validation: Added validation of content-length in
GatewaysDataSourceto reject responses with missing or zero content-length, preventing upstream gateways from serving bogus HTML landing pages when they return 200 instead of 404. -
Zero-Byte Data Item Handling: Removed size-0 rejection from data handlers to allow zero-byte data items to be served correctly.
Docker Images
ghcr.io/ar-io/ar-io-envoy:17a2cbdb71e1d1eba1a3c4e29aff96d69feb3246ghcr.io/ar-io/ar-io-core:dbdf97db26627c1fd38fd765eebe8db513a66dffghcr.io/ar-io/ar-io-clickhouse-auto-import:4512361f3d6bdc0d8a44dd83eb796fd88804a384ghcr.io/ar-io/ar-io-observer:9356a3d5cc2ed9ac406a62c3a01450ae80ddc6c3ghcr.io/ar-io/ar-io-litestream:be121fc0ae24a9eb7cdb2b92d01f047039b5f5e8