dfinity · lwshang · Jun 5, 2026 · Jun 5, 2026
@@ -117,7 +117,6 @@ pub struct Asset {
     pub encodings: HashMap<String, AssetEncoding>,
     pub max_age: Option<u64>,
     pub headers: Option<Vec<(String, String)>>,
-    pub allow_raw_access: Option<bool>,
 }
 
 #[derive(Clone, Debug, CandidType, Deserialize)]
@@ -136,7 +135,6 @@ pub struct AssetDetails {
     pub encodings: Vec<AssetEncodingDetails>,
     pub max_age: Option<u64>,
     pub headers: Option<Vec<(String, String)>>,
-    pub allow_raw_access: Option<bool>,
     pub is_aliased: Option<bool>,
 }
 
@@ -149,10 +147,6 @@ pub struct AssetEncodingDetails {
 }
 
 impl Asset {
-    pub fn allow_raw_access(&self) -> bool {
-        self.allow_raw_access.unwrap_or(true)
-    }
-
     fn update_ic_certificate_expressions(&mut self) {
         // gather all headers
         let mut headers: Vec<(String, Value)> = vec![];

@@ -5,8 +5,6 @@ use crate::rc_bytes::RcBytes;
 use candid::{define_function, CandidType, Deserialize, Nat};
 use serde_bytes::ByteBuf;
 
-const HTTP_REDIRECT_PERMANENT: u16 = 308;
-
 pub type HeaderField = (String, String);
 
 #[derive(Clone, Debug, CandidType, Deserialize)]
@@ -79,53 +77,6 @@ impl HttpRequest {
             None => &self.url[..],
         }
     }
-
-    pub fn get_header_value(&self, header_key: &str) -> Option<&String> {
-        self.headers
-            .iter()
-            .find_map(|(k, v)| k.eq_ignore_ascii_case(header_key).then_some(v))
-    }
-
-    pub fn redirect_from_raw_to_certified_domain(&self) -> HttpResponse {
-        #[cfg(not(test))]
-        let canister_id = ic_cdk::api::canister_self().to_text();
-        #[cfg(test)]
-        let canister_id = self.get_canister_id();
-
-        let location = match self.get_header_value("Host") {
-            Some(host_header) if host_header.ends_with("ic0.app") => {
-                format!("https://{canister_id}.ic0.app{path}", path = self.url)
-            }
-            _ => format!("https://{canister_id}.icp0.io{path}", path = self.url),
-        };
-        HttpResponse::build_redirect(HTTP_REDIRECT_PERMANENT, location)
-    }
-
-    #[cfg(test)]
-    pub fn get_canister_id(&self) -> &str {
-        if let Some(host_header) = self.get_header_value("Host") {
-            if host_header.contains(".localhost")
-                || host_header.contains(".io")
-                || host_header.contains(".app")
-            {
-                return host_header.split('.').next().unwrap();
-            } else if let Some(t) = self.url.split("canisterId=").nth(1) {
-                let x = t.split_once('&');
-                if let Some(c) = x {
-                    return c.0;
-                }
-            }
-        }
-        unreachable!()
-    }
-
-    pub fn is_raw_domain(&self) -> bool {
-        if let Some(host_header) = self.get_header_value("Host") {
-            host_header.contains(".raw.ic")
-        } else {
-            false
-        }
-    }
 }
 
 impl HttpResponse {
@@ -162,14 +113,4 @@ impl HttpResponse {
             streaming_strategy: None,
         }
     }
-
-    pub fn build_redirect(status_code: u16, location: String) -> HttpResponse {
-        HttpResponse {
-            status_code,
-            headers: vec![("Location".to_string(), location)],
-            body: RcBytes::from(ByteBuf::default()),
-            upgrade: None,
-            streaming_strategy: None,
-        }
-    }
 }
@@ -82,7 +82,6 @@ pub struct StableAsset {
     pub headers: Option<Vec<(String, String)>>,
     #[serde(default)]
     pub is_aliased: Option<bool>,
-    pub allow_raw_access: Option<bool>,
 }
 
 impl From<crate::asset::Asset> for StableAsset {
@@ -97,7 +96,6 @@ impl From<crate::asset::Asset> for StableAsset {
             max_age: asset.max_age,
             headers: asset.headers,
             is_aliased: None,
-            allow_raw_access: asset.allow_raw_access,
         }
     }
 }
@@ -113,7 +111,6 @@ impl From<StableAsset> for crate::asset::Asset {
                 .collect(),
             max_age: stable_asset.max_age,
             headers: stable_asset.headers,
-            allow_raw_access: stable_asset.allow_raw_access,
         }
     }
 }

@@ -120,7 +120,6 @@ impl State {
                 encodings: HashMap::new(),
                 max_age: arg.max_age,
                 headers: arg.headers,
-                allow_raw_access: arg.allow_raw_access,
             },
         );
         Ok(())
@@ -349,7 +348,6 @@ impl State {
                         encodings,
                         max_age: asset.max_age,
                         headers: asset.headers.clone(),
-                        allow_raw_access: asset.allow_raw_access,
                         is_aliased: None,
                     }
                 })
@@ -418,13 +416,9 @@ impl State {
         chunk_index: usize,
         callback: CallbackFunc,
         etags: Vec<Hash>,
-        req: HttpRequest,
     ) -> HttpResponse {
         // Asset at the requested path wins.
         if let Ok(asset) = self.get_asset(&path.into()) {
-            if !asset.allow_raw_access() && req.is_raw_domain() {
-                return req.redirect_from_raw_to_certified_domain();
-            }
             let (cert_header, _) = self.asset_hashes.witness_to_header(path, certificate);
             if let Some(response) = asset.build_http_response_for_encodings(
                 &requested_encodings,
@@ -444,18 +438,6 @@ impl State {
             if !rule.matches(path) {
                 continue;
             }
-            // Rules that borrow a body from a target asset (200 rewrite or
-            // 4xx custom error page) honor the target's `allow_raw_access`
-            // setting — checked even before the rule has a certified entry
-            // because the target may not yet have an encoding.
-            let borrows_from_target = matches!(rule.status, 200 | 404 | 410);
-            if borrows_from_target {
-                if let Some(target) = self.assets.get(&rule.to) {
-                    if !target.allow_raw_access() && req.is_raw_domain() {
-                        return req.redirect_from_raw_to_certified_domain();
-                    }
-                }
-            }
             let Some(entry) = self
                 .rule_certified_entries
                 .get(idx)
@@ -554,9 +536,7 @@ impl State {
         };
 
         match url_decode(path) {
-            Ok(path) => {
-                self.build_http_response(certificate, &path, encodings, 0, callback, etags, req)
-            }
+            Ok(path) => self.build_http_response(certificate, &path, encodings, 0, callback, etags),
             Err(err) => HttpResponse {
                 status_code: 400,
                 headers: vec![],
@@ -615,7 +595,6 @@ impl State {
         Ok(AssetProperties {
             max_age: asset.max_age,
             headers: asset.headers.clone(),
-            allow_raw_access: asset.allow_raw_access,
             is_aliased: None,
         })
     }
@@ -633,9 +612,6 @@ impl State {
         if let Some(max_age) = arg.max_age {
             asset.max_age = max_age
         }
-        if let Some(allow_raw_access) = arg.allow_raw_access {
-            asset.allow_raw_access = allow_raw_access
-        }
 
         // `arg.is_aliased` is accepted for backward compatibility but ignored.
         let _ = arg.is_aliased;

@@ -86,7 +86,6 @@ fn next_step(
                 max_age: asset.max_age,
                 headers: asset.headers.clone(),
                 enable_aliasing: None,
-                allow_raw_access: asset.allow_raw_access,
             };
             hash_create_asset(&mut hasher, &args);
             let mut sorted_encoding_names: Vec<String> = asset.encodings.keys().cloned().collect();
@@ -185,7 +184,6 @@ fn hash_create_asset(hasher: &mut Sha256, args: &CreateAssetArguments) {
         hasher.update(TAG_NONE);
     }
     hash_headers(hasher, args.headers.as_ref());
-    hash_opt_bool(hasher, args.allow_raw_access);
     hash_opt_bool(hasher, args.enable_aliasing);
 }