Only allow requests from Origin 127.0.0.1

This commit is contained in:
maciejhirsz 2017-02-16 16:08:54 +01:00
parent c4b4a22203
commit 8d6275bf07

View File

@ -34,7 +34,7 @@ use error::ServerError;
use handler::{IpfsHandler, Out}; use handler::{IpfsHandler, Out};
use hyper::server::{Listening, Handler, Request, Response}; use hyper::server::{Listening, Handler, Request, Response};
use hyper::net::HttpStream; use hyper::net::HttpStream;
use hyper::header::{ContentLength, ContentType}; use hyper::header::{ContentLength, ContentType, Origin};
use hyper::{Next, Encoder, Decoder, Method, RequestUri, StatusCode}; use hyper::{Next, Encoder, Decoder, Method, RequestUri, StatusCode};
use ethcore::client::BlockChainClient; use ethcore::client::BlockChainClient;
@ -45,6 +45,13 @@ impl Handler<HttpStream> for IpfsHandler {
return Next::write(); return Next::write();
} }
// Reject requests if the Origin header isn't valid
if req.headers().get::<Origin>().map(|o| "127.0.0.1" != &o.host.hostname).unwrap_or(false) {
self.out = Out::Bad("Illegal Origin");
return Next::write();
}
let (path, query) = match *req.uri() { let (path, query) = match *req.uri() {
RequestUri::AbsolutePath { ref path, ref query } => (path, query.as_ref().map(AsRef::as_ref)), RequestUri::AbsolutePath { ref path, ref query } => (path, query.as_ref().map(AsRef::as_ref)),
_ => return Next::write(), _ => return Next::write(),
@ -130,7 +137,7 @@ fn write_chunk<W: Write>(transport: &mut W, progress: &mut usize, data: &[u8]) -
} }
pub fn start_server(port: u16, client: Arc<BlockChainClient>) -> Result<Listening, ServerError> { pub fn start_server(port: u16, client: Arc<BlockChainClient>) -> Result<Listening, ServerError> {
let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), port); let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), port);
Ok( Ok(
hyper::Server::http(&addr)? hyper::Server::http(&addr)?