Only allow requests from Origin 127.0.0.1

2017-02-16 16:08:54 +01:00 · 2017-02-16 16:08:54 +01:00 · 8d6275bf07
commit 8d6275bf07
parent c4b4a22203
1 changed files with 9 additions and 2 deletions
--- a/ipfs/src/lib.rs
+++ b/ipfs/src/lib.rs
@ -34,7 +34,7 @@ use error::ServerError;
 use handler::{IpfsHandler, Out};
 use hyper::server::{Listening, Handler, Request, Response};
 use hyper::net::HttpStream;
-use hyper::header::{ContentLength, ContentType};
+use hyper::header::{ContentLength, ContentType, Origin};
 use hyper::{Next, Encoder, Decoder, Method, RequestUri, StatusCode};
 use ethcore::client::BlockChainClient;

@ -45,6 +45,13 @@ impl Handler<HttpStream> for IpfsHandler {
 			return Next::write();
 		}

+		// Reject requests if the Origin header isn't valid
+		if req.headers().get::<Origin>().map(|o| "127.0.0.1" != &o.host.hostname).unwrap_or(false) {
+			self.out = Out::Bad("Illegal Origin");
+
+			return Next::write();
+		}
+
 		let (path, query) = match *req.uri() {
 			RequestUri::AbsolutePath { ref path, ref query } => (path, query.as_ref().map(AsRef::as_ref)),
 			_ => return Next::write(),
@ -130,7 +137,7 @@ fn write_chunk<W: Write>(transport: &mut W, progress: &mut usize, data: &[u8]) -
 }

 pub fn start_server(port: u16, client: Arc<BlockChainClient>) -> Result<Listening, ServerError> {
-	let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), port);
+	let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), port);

 	Ok(
 		hyper::Server::http(&addr)?