Doc: add information about security to the JSON-RPC doc #15223
Force-pushed updates for @laanwj's suggestions:
Jan 24, 2019
Is there any similarity?
Because of these missing headers, websites can't communicate with the RPC. Even if they could, they would need to know the username & password.
There's also a REST API which is unauthenticated, but only shows public info like blocks; it doesn't expose the wallet. It currently doesn't have CORS headers and probably shouldn't, but not so much for security reasons as for scope creep. See the discussion in #12040 for more context.