grassrootseconomics/openethereum
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixing origin/host validation (#1273)

Browse Source
This commit is contained in:
Tomasz Drwięga 2016-06-15 00:57:49 +02:00 committed by Gav Wood
parent f7536876d5
commit b562480173
2 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
parity/configuration.rs
View File

@ -362,14 +362,12 @@ impl Configuration {
} }
fn ipc_path(&self) -> String { fn ipc_path(&self) -> String {
if self.args.flag_geth { self.geth_ipc_path() } if self.args.flag_geth {
else { self.geth_ipc_path()
if cfg!(windows) { } else if cfg!(windows) {
r"\\.\pipe\parity.jsonrpc".to_owned() r"\\.\pipe\parity.jsonrpc".to_owned()
} } else {
else { Configuration::replace_home(&self.args.flag_ipcpath.clone().unwrap_or(self.args.flag_ipc_path.clone()))
Configuration::replace_home(&self.args.flag_ipcpath.clone().unwrap_or(self.args.flag_ipc_path.clone()))
}
} }
} }

2
signer/src/ws_server/session.rs
View File

@ -75,7 +75,7 @@ impl ws::Handler for Session {
let host = req.header("host").or_else(|| req.header("Host")); let host = req.header("host").or_else(|| req.header("Host"));
// Check request origin and host header. // Check request origin and host header.
if !origin_is_allowed(&self.self_origin, origin) && !origin_is_allowed(&self.self_origin, host) { if !origin_is_allowed(&self.self_origin, origin) && !(origin.is_none() && origin_is_allowed(&self.self_origin, host)) {
warn!(target: "signer", "Blocked connection to Signer API from untrusted origin."); warn!(target: "signer", "Blocked connection to Signer API from untrusted origin.");
return Ok(ws::Response::forbidden(format!("You are not allowed to access system ui. Use: http://{}", self.self_origin))); return Ok(ws::Response::forbidden(format!("You are not allowed to access system ui. Use: http://{}", self.self_origin)));
} }