From 8d6275bf07a3eb454e2b93e3af2ee50da1533198 Mon Sep 17 00:00:00 2001
From: maciejhirsz
Date: Thu, 16 Feb 2017 16:08:54 +0100
Subject: [PATCH] Only allow requests from Origin 127.0.0.1
---
 ipfs/src/lib.rs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/ipfs/src/lib.rs b/ipfs/src/lib.rs
index e497faed7..37373344a 100644
--- a/ipfs/src/lib.rs
+++ b/ipfs/src/lib.rs
@@ -34,7 +34,7 @@ use error::ServerError;
 use handler::{IpfsHandler, Out};
 use hyper::server::{Listening, Handler, Request, Response};
 use hyper::net::HttpStream;
-use hyper::header::{ContentLength, ContentType};
+use hyper::header::{ContentLength, ContentType, Origin};
 use hyper::{Next, Encoder, Decoder, Method, RequestUri, StatusCode};
 use ethcore::client::BlockChainClient;
@@ -45,6 +45,13 @@ impl Handler for IpfsHandler {
 return Next::write();
 }
+ // Reject requests if the Origin header isn't valid
+ if req.headers().get::().map(|o| "127.0.0.1" != &o.host.hostname).unwrap_or(false) {
+ self.out = Out::Bad("Illegal Origin");
+
+ return Next::write();
+ }
+
 let (path, query) = match *req.uri() {
 RequestUri::AbsolutePath { ref path, ref query } => (path, query.as_ref().map(AsRef::as_ref)),
 _ => return Next::write(),
@@ -130,7 +137,7 @@ fn write_chunk(transport: &mut W, progress: &mut usize, data: &[u8]) -
 }
 pub fn start_server(port: u16, client: Arc) -> Result {
- let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), port);
+ let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), port);
 Ok(
 hyper::Server::http(&addr)?
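Review bot: The new Origin check in the second hunk admits every request that carries no Origin header at all, because `.unwrap_or(false)` on the `None` branch treats an absent header as valid; that is a reasonable choice for non-browser clients, but it is the load-bearing part of the policy and should be stated on the line, e.g. `// A missing Origin is accepted (non-browser clients); only a present, non-loopback Origin is rejected`. The comparison is against the literal hostname `127.0.0.1` only, so a page served from `http://localhost:<port>` is answered with `Illegal Origin` even though the server now binds to 127.0.0.1 in the third hunk; confirm that is intended, or compare against both `127.0.0.1` and `localhost`. Scheme and port of the Origin are ignored, which is fine for a loopback-only policy but worth a comment so the next maintainer does not read it as a full origin match. The enclosing `Handler` method starts and ends outside this hunk.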