From b5624801737602655414062a01cc674139f60a10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20Drwi=C4=99ga?=
Date: Wed, 15 Jun 2016 00:57:49 +0200
Subject: [PATCH] Fixing origin/host validation (#1273)
---
 parity/configuration.rs | 14 ++++++--------
 signer/src/ws_server/session.rs | 2 +-
 2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/parity/configuration.rs b/parity/configuration.rs
index 1e14cd1de..3aff2ee27 100644
--- a/parity/configuration.rs
+++ b/parity/configuration.rs
@@ -362,14 +362,12 @@ impl Configuration {
 }
 fn ipc_path(&self) -> String {
- if self.args.flag_geth { self.geth_ipc_path() }
- else {
- if cfg!(windows) {
- r"\\.\pipe\parity.jsonrpc".to_owned()
- }
- else {
- Configuration::replace_home(&self.args.flag_ipcpath.clone().unwrap_or(self.args.flag_ipc_path.clone()))
- }
+ if self.args.flag_geth {
+ self.geth_ipc_path()
+ } else if cfg!(windows) {
+ r"\\.\pipe\parity.jsonrpc".to_owned()
+ } else {
+ Configuration::replace_home(&self.args.flag_ipcpath.clone().unwrap_or(self.args.flag_ipc_path.clone()))
 }
 }
diff --git a/signer/src/ws_server/session.rs b/signer/src/ws_server/session.rs
index 8cc3f5d07..b635f1524 100644
--- a/signer/src/ws_server/session.rs
+++ b/signer/src/ws_server/session.rs
@@ -75,7 +75,7 @@ impl ws::Handler for Session {
 let host = req.header("host").or_else(|| req.header("Host"));
 // Check request origin and host header.
- if !origin_is_allowed(&self.self_origin, origin) && !origin_is_allowed(&self.self_origin, host) {
+ if !origin_is_allowed(&self.self_origin, origin) && !(origin.is_none() && origin_is_allowed(&self.self_origin, host)) {
 warn!(target: "signer", "Blocked connection to Signer API from untrusted origin.");
 return Ok(ws::Response::forbidden(format!("You are not allowed to access system ui. Use: http://{}", self.self_origin)));
 }
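Review bot: In the `cfg!(windows)` branch of `ipc_path` in parity/configuration.rs the pipe name is hard-coded, so both `flag_ipcpath` and `flag_ipc_path` are ignored there with no comment saying so. If that is intended, a line such as `// Windows always uses this fixed named pipe; the configured IPC path is not consulted.` would make it explicit. The last branch also clones the default eagerly; `unwrap_or_else(|| self.args.flag_ipc_path.clone())` avoids the clone when `flag_ipcpath` is set. This restructuring is unrelated to the origin/host fix named in the subject and would be easier to audit as its own commit.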
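Review bot: The rewritten condition in signer/src/ws_server/session.rs is a security decision written as a double negation, with no comment explaining why `host` is only consulted when `origin.is_none()`. A named boolean is harder to get wrong in later edits: `let allowed = origin_is_allowed(&self.self_origin, origin) || (origin.is_none() && origin_is_allowed(&self.self_origin, host));` followed by `if !allowed {`, with a comment such as `// Host is only a fallback when no Origin header was sent; a present Origin must match on its own.` The diffstat shows a one-line change in this file and no test, so a regression test asserting that a mismatching Origin is rejected even when Host matches would pin the fix. The Host fallback only constrains clients that send honest headers and should not be read as authentication. How `origin` is extracted and what `origin_is_allowed` returns for `None` are outside the hunk and worth confirming.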