Skip to content

rpc server: fix deny unsafe on RpcMethods::Auto#5678

Merged
ggwpez merged 4 commits intomasterfrom
na-fix-5677
Sep 11, 2024
Merged

rpc server: fix deny unsafe on RpcMethods::Auto#5678
ggwpez merged 4 commits intomasterfrom
na-fix-5677

Conversation

@niklasad1
Copy link
Copy Markdown
Contributor

@niklasad1 niklasad1 commented Sep 11, 2024
edited
Loading

Close #5677

I made a nit when I moved this code: https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385 in #4792

Thus:

  • (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe
  • (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe

@niklasad1 niklasad1 changed the title fix(rpc server): auto -> allow localhost conns rpc server: fix deny unsafe on RpcMethods::Auto Sep 11, 2024
@niklasad1 niklasad1 added A1-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). R0-no-crate-publish-required The change does not require any crates to be re-published. T0-node This PR/Issue is related to the topic “node”. labels Sep 11, 2024
@ggwpez
Copy link
Copy Markdown
Member

ggwpez commented Sep 11, 2024

/cmd prdoc --pr 5678 --audience "Node Operator" --bump patch

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Sep 11, 2024

Command "" has started 🚀 See logs here

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Sep 11, 2024

Command "" has finished ✅ See logs here

@ggwpez ggwpez enabled auto-merge September 11, 2024 14:52
@ggwpez ggwpez added this pull request to the merge queue Sep 11, 2024
Merged via the queue into master with commit 4e7c9e7 Sep 11, 2024
@ggwpez ggwpez deleted the na-fix-5677 branch September 11, 2024 17:42
niklasad1 added a commit that referenced this pull request Sep 12, 2024
@niklasad1 @ggwpez
rpc server: fix deny unsafe on RpcMethods::Auto (#5678)
814cd3d 
Close #5677

I made a nit when I moved this code:
https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385
in #4792

Thus:
 - (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe
 - (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe

---------

Co-authored-by: ggwpez <ggwpez@users.noreply.github.com>
@niklasad1 niklasad1 mentioned this pull request Sep 12, 2024
Merged
ggwpez added a commit that referenced this pull request Sep 12, 2024
@niklasad1 @ggwpez
[stable2409] Backport #5678 (#5691)
9330fc3 
Backport #5678 into
stable2409

Co-authored-by: ggwpez <ggwpez@users.noreply.github.com>
@BulatSaif BulatSaif mentioned this pull request Sep 15, 2024
Closed
@github-actions github-actions bot mentioned this pull request Feb 26, 2025
Closed
@github-actions github-actions bot mentioned this pull request Mar 20, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bkchr bkchr bkchr approved these changes

@ggwpez ggwpez ggwpez approved these changes

Assignees

No one assigned

Labels

A1-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). R0-no-crate-publish-required The change does not require any crates to be re-published. T0-node This PR/Issue is related to the topic “node”.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug v1.16.0-rc1 (stable2409) RPC call is unsafe to be called externally

4 participants

@niklasad1 @ggwpez @bkchr @pgherveou