From 0cf67997c01bef74233255a1d806d722e953eb36 Mon Sep 17 00:00:00 2001
From: Tristan Seligmann
Date: Sat, 6 Jan 2018 08:42:54 +0200
Subject: [PATCH] Stop allowing CORS for the JSON-RPC server

As far as I can tell, there is no need to allow this, and doing so poses severe security risks (see #3374).
---
 lib/daemon.py | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/lib/daemon.py b/lib/daemon.py
index de2b13618088..d822ade91aa0 100644
--- a/lib/daemon.py
+++ b/lib/daemon.py
@@ -28,7 +28,7 @@
 # from jsonrpc import JSONRPCResponseManager
 import jsonrpclib
-from jsonrpclib.SimpleJSONRPCServer import SimpleJSONRPCServer, SimpleJSONRPCRequestHandler
+from jsonrpclib.SimpleJSONRPCServer import SimpleJSONRPCServer
 from .version import ELECTRUM_VERSION
 from .network import Network
@@ -87,19 +87,6 @@ def get_server(config):
 time.sleep(1.0)
-class RequestHandler(SimpleJSONRPCRequestHandler):
-
- def do_OPTIONS(self):
- self.send_response(200)
- self.end_headers()
-
- def end_headers(self):
- self.send_header("Access-Control-Allow-Headers",
- "Origin, X-Requested-With, Content-Type, Accept")
- self.send_header("Access-Control-Allow-Origin", "*")
- SimpleJSONRPCRequestHandler.end_headers(self)
-
-
 class Daemon(DaemonThread):
 def __init__(self, config, fd):
@@ -124,7 +111,7 @@ def init_server(self, config, fd):
 host = config.get('rpchost', '127.0.0.1')
 port = config.get('rpcport', 0)
 try:
- server = SimpleJSONRPCServer((host, port), logRequests=False, requestHandler=RequestHandler)
+ server = SimpleJSONRPCServer((host, port), logRequests=False)
 except Exception as e:
 self.print_error('Warning: cannot initialize RPC server on host', host, e)
 self.server = None
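Review bot: The listener built in the last hunk, `SimpleJSONRPCServer((host, port), logRequests=False)` in `init_server`, still shows no caller authentication, so the RPC methods remain open to anything that can reach the port. Removing `Access-Control-Allow-Origin: *` only stops a browser from handing the response to a foreign page. It does not by itself make the server reject a request, and the stock handler may not check `Origin`, `Host` or `Content-Type` (not visible here). `rpchost` is also read from config with `127.0.0.1` only as the default, so a non-loopback bind is possible. I would follow this commit with a per-request credential check in the handler and, until that lands, put `# NOTE: unauthenticated RPC; safe only while bound to loopback` above the constructor. The body of `init_server` continues outside the hunk.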