Fixing origin/host validation (#1273)
This commit is contained in:
parent
f7536876d5
commit
b562480173
@ -362,16 +362,14 @@ impl Configuration {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn ipc_path(&self) -> String {
|
fn ipc_path(&self) -> String {
|
||||||
if self.args.flag_geth { self.geth_ipc_path() }
|
if self.args.flag_geth {
|
||||||
else {
|
self.geth_ipc_path()
|
||||||
if cfg!(windows) {
|
} else if cfg!(windows) {
|
||||||
r"\\.\pipe\parity.jsonrpc".to_owned()
|
r"\\.\pipe\parity.jsonrpc".to_owned()
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
Configuration::replace_home(&self.args.flag_ipcpath.clone().unwrap_or(self.args.flag_ipc_path.clone()))
|
Configuration::replace_home(&self.args.flag_ipcpath.clone().unwrap_or(self.args.flag_ipc_path.clone()))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
pub fn have_color(&self) -> bool {
|
pub fn have_color(&self) -> bool {
|
||||||
!self.args.flag_no_color && !cfg!(windows)
|
!self.args.flag_no_color && !cfg!(windows)
|
||||||
|
@ -75,7 +75,7 @@ impl ws::Handler for Session {
|
|||||||
let host = req.header("host").or_else(|| req.header("Host"));
|
let host = req.header("host").or_else(|| req.header("Host"));
|
||||||
|
|
||||||
// Check request origin and host header.
|
// Check request origin and host header.
|
||||||
if !origin_is_allowed(&self.self_origin, origin) && !origin_is_allowed(&self.self_origin, host) {
|
if !origin_is_allowed(&self.self_origin, origin) && !(origin.is_none() && origin_is_allowed(&self.self_origin, host)) {
|
||||||
warn!(target: "signer", "Blocked connection to Signer API from untrusted origin.");
|
warn!(target: "signer", "Blocked connection to Signer API from untrusted origin.");
|
||||||
return Ok(ws::Response::forbidden(format!("You are not allowed to access system ui. Use: http://{}", self.self_origin)));
|
return Ok(ws::Response::forbidden(format!("You are not allowed to access system ui. Use: http://{}", self.self_origin)));
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user