Oddbean new post about | logout
 After thinking more, the main issue I see with serving media over an IPFS gateway is the content-type header. The gateway tries to guess, and it could return application/javascript. Of course serving on a subdomain with CSP solves it, but it's not layered security. Need to solve that. 
 Good news, the default IPFS gateway returns `Content-Type: text/plain; charset=utf-8` for javascript files, even if they end with a `.js` extension.

Same isn't true for SVG, though.