Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rpc server: fix deny unsafe on RpcMethods::Auto #5678

Merged
merged 4 commits into from
Sep 11, 2024
Merged

rpc server: fix deny unsafe on RpcMethods::Auto #5678

merged 4 commits into from
Sep 11, 2024

Conversation

niklasad1
Copy link
Member

@niklasad1 niklasad1 commented Sep 11, 2024

Close #5677

I made a nit when I moved this code: https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385 in #4792

Thus:

  • (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe
  • (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe

@niklasad1 niklasad1 changed the title fix(rpc server): auto -> allow localhost conns rpc server: fix deny unsafe on RpcMethods::Auto Sep 11, 2024
@niklasad1 niklasad1 added A1-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). R0-silent Changes should not be mentioned in any release notes T0-node This PR/Issue is related to the topic “node”. labels Sep 11, 2024
@niklasad1 niklasad1 added the A4-needs-backport Pull request must be backported to all maintained releases. label Sep 11, 2024
@ggwpez
Copy link
Member

ggwpez commented Sep 11, 2024

/cmd prdoc --pr 5678 --audience "Node Operator" --bump patch

Copy link

Command "" has started 🚀 See logs here

Copy link

Command "" has finished ✅ See logs here

@ggwpez ggwpez added this pull request to the merge queue Sep 11, 2024
Merged via the queue into master with commit 4e7c9e7 Sep 11, 2024
199 of 204 checks passed
@ggwpez ggwpez deleted the na-fix-5677 branch September 11, 2024 17:42
niklasad1 added a commit that referenced this pull request Sep 12, 2024
Close #5677

I made a nit when I moved this code:
https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385
in #4792

Thus:
 - (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe
 - (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe

---------

Co-authored-by: ggwpez <ggwpez@users.noreply.github.com>
ggwpez added a commit that referenced this pull request Sep 12, 2024
Backport #5678 into
stable2409

Co-authored-by: ggwpez <ggwpez@users.noreply.github.com>
@ggwpez ggwpez removed the A4-needs-backport Pull request must be backported to all maintained releases. label Sep 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A1-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). R0-silent Changes should not be mentioned in any release notes T0-node This PR/Issue is related to the topic “node”.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Bug v1.16.0-rc1 (stable2409) RPC call is unsafe to be called externally
3 participants