Stop allowing CORS for the JSON-RPC server
As far as I can tell, there is no need to allow this, and doing so poses severe security risks (see #3374).
mithrandi committed Jan 6, 2018
1 parent aeee5e9 commit 0cf6799
Showing 1 changed file with 2 additions and 15 deletions.
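--- a/lib/daemon.py
+++ b/lib/daemon.py
@@ -28,7 +28,7 @@
 
 # from jsonrpc import JSONRPCResponseManager
 import jsonrpclib
-from jsonrpclib.SimpleJSONRPCServer import SimpleJSONRPCServer, SimpleJSONRPCRequestHandler
+from jsonrpclib.SimpleJSONRPCServer import SimpleJSONRPCServer
 
 from .version import ELECTRUM_VERSION
 from .network import Network
@@ -87,19 +87,6 @@ def get_server(config):
 time.sleep(1.0)
 
 
-class RequestHandler(SimpleJSONRPCRequestHandler):
-
-def do_OPTIONS(self):
-self.send_response(200)
-self.end_headers()
-
-def end_headers(self):
-self.send_header("Access-Control-Allow-Headers",
-"Origin, X-Requested-With, Content-Type, Accept")
-self.send_header("Access-Control-Allow-Origin", "*")
-SimpleJSONRPCRequestHandler.end_headers(self)
-
-
 class Daemon(DaemonThread):
 
 def __init__(self, config, fd):
@@ -124,7 +111,7 @@ def init_server(self, config, fd):
 host = config.get('rpchost', '127.0.0.1')
 port = config.get('rpcport', 0)
 try:
-server = SimpleJSONRPCServer((host, port), logRequests=False, requestHandler=RequestHandler)
+server = SimpleJSONRPCServer((host, port), logRequests=False)
 except Exception as e:
 self.print_error('Warning: cannot initialize RPC server on host', host, e)
 self.server = None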
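Review bot: The RPC server built in `init_server` still accepts every request without a credential or a `Host`/`Origin` check, so dropping the CORS headers only stops browsers from exposing responses to other origins. Requests that need no preflight, other local users and, when `rpchost` is set to a non-loopback address, remote hosts may still reach the RPC methods; whether the library rejects any of these is not visible on this page. I would pass a `requestHandler` that refuses any request lacking a per-install secret, as sketched below; it needs the `SimpleJSONRPCRequestHandler` import this commit drops, plus `hmac`, and the secret's provisioning is left as a placeholder. `init_server` starts and ends outside the hunk.

```python
class AuthRequestHandler(SimpleJSONRPCRequestHandler):
    # placeholder: expected Authorization header value (bytes), derived from a
    # random per-install secret and set before the server starts
    expected_auth = None

    def parse_request(self):
        if not SimpleJSONRPCRequestHandler.parse_request(self):
            return False
        supplied = self.headers.get('Authorization', '').encode('utf-8')
        # fail closed when no secret is configured; constant-time comparison
        if self.expected_auth is None or not hmac.compare_digest(supplied, self.expected_auth):
            self.send_error(401, 'Unauthorized')
            return False
        return True

# … unchanged: host/port lookup in init_server …
server = SimpleJSONRPCServer((host, port), logRequests=False, requestHandler=AuthRequestHandler)
```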
