Signer errors

signer/src/ws_server/error_tpl.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width">
+		{meta}
+		<title>{title}</title>
+		<link rel="stylesheet" href="/styles.css">
+	</head>
+	<body>
+		<div class="parity-navbar"></div>
+		<div class="parity-box">
+			<h1>{title}</h1>
+			<h3>{message}</h3>
+			<p><code>{details}</code></p>
+		</div>
+		<div class="parity-status">
+			<small>{version}</small>
+		</div>
+	</body>
+</html>

signer/src/ws_server/mod.rs

@@ -93,9 +93,15 @@ pub struct Server {
 	broadcaster_handle: Option<thread::JoinHandle<()>>,
 	queue: Arc<ConfirmationsQueue>,
 	panic_handler: Arc<PanicHandler>,
+	addr: SocketAddr,
 }
 
 impl Server {
+	/// Returns the address this server is listening on
+	pub fn addr(&self) -> &SocketAddr {
+		&self.addr
+	}
+
 	/// Starts a new `WebSocket` server in separate thread.
 	/// Returns a `Server` handle which closes the server when droped.
 	fn start(addr: SocketAddr, handler: Arc<IoHandler>, queue: Arc<ConfirmationsQueue>, authcodes_path: PathBuf, skip_origin_validation: bool) -> Result<Server, ServerError> {
@@ -121,7 +127,7 @@ impl Server {
 		// Spawn a thread with event loop
 		let handle = thread::spawn(move || {
 			ph.catch_panic(move || {
-				match ws.listen(addr).map_err(ServerError::from) {
+				match ws.listen(addr.clone()).map_err(ServerError::from) {
 					Err(ServerError::IoError(io)) => die(format!(
 						"Signer: Could not start listening on specified address. Make sure that no other instance is running on Signer's port. Details: {:?}",
 						io
@@ -158,6 +164,7 @@ impl Server {
 			broadcaster_handle: Some(broadcaster_handle),
 			queue: queue,
 			panic_handler: panic_handler,
+			addr: addr,
 		})
 	}
 }

signer/src/ws_server/session.rs

@@ -107,10 +107,15 @@ impl ws::Handler for Session {
 	fn on_request(&mut self, req: &ws::Request) -> ws::Result<(ws::Response)> {
 		let origin = req.header("origin").or_else(|| req.header("Origin")).map(|x| &x[..]);
 		let host = req.header("host").or_else(|| req.header("Host")).map(|x| &x[..]);
+		// Styles file is allowed for error pages to display nicely.
+		let is_styles_file = req.resource() == "/styles.css";
 
 		// Check request origin and host header.
 		if !self.skip_origin_validation {
-			if !origin_is_allowed(&self.self_origin, origin) && !(origin.is_none() && origin_is_allowed(&self.self_origin, host)) {
+			let is_valid = origin_is_allowed(&self.self_origin, origin) || (origin.is_none() && origin_is_allowed(&self.self_origin, host));
+			let is_valid = is_styles_file || is_valid;
+
+			if !is_valid {
 				warn!(target: "signer", "Blocked connection to Signer API from untrusted origin.");
 				return Ok(error(
 						ErrorType::Forbidden,
@@ -121,8 +126,9 @@ impl ws::Handler for Session {
 			}
 		}
 
-		// Detect if it's a websocket request.
-		if req.header("sec-websocket-key").is_some() {
+		// Detect if it's a websocket request
+		// (styles file skips origin validation, so make sure to prevent WS connections on this resource)
+		if req.header("sec-websocket-key").is_some() && !is_styles_file {
 			// Check authorization
 			if !auth_is_valid(&self.authcodes_path, req.protocols()) {
 				info!(target: "signer", "Unauthorized connection to Signer API blocked.");
@@ -198,7 +204,7 @@ enum ErrorType {
 
 fn error(error: ErrorType, title: &str, message: &str, details: Option<&str>) -> ws::Response {
 	let content = format!(
-		include_str!("../../../dapps/src/error_tpl.html"),
+		include_str!("./error_tpl.html"),
 		title=title,
 		meta="",
 		message=message,