diff --git a/prdoc/pr_5678.prdoc b/prdoc/pr_5678.prdoc new file mode 100644 index 000000000000..af1fac31c560 --- /dev/null +++ b/prdoc/pr_5678.prdoc @@ -0,0 +1,14 @@ +title: 'rpc server: fix deny unsafe on RpcMethods::Auto' +doc: +- audience: Node User + description: |- + Close #5677 + + I made a nit when I moved this code: https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385 in https://github.com/paritytech/polkadot-sdk/pull/4792 + + Thus: + - (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe + - (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe +crates: +- name: sc-rpc-server + bump: patch diff --git a/substrate/client/rpc-servers/src/utils.rs b/substrate/client/rpc-servers/src/utils.rs index 5b4a4bf22b95..d9b2db7af133 100644 --- a/substrate/client/rpc-servers/src/utils.rs +++ b/substrate/client/rpc-servers/src/utils.rs @@ -284,7 +284,7 @@ pub(crate) fn get_proxy_ip(req: &http::Request) -> Option { /// Get the `deny_unsafe` setting based on the address and the RPC methods exposed by the interface. pub fn deny_unsafe(addr: &SocketAddr, methods: &RpcMethods) -> DenyUnsafe { match (addr.ip().is_loopback(), methods) { - | (_, RpcMethods::Unsafe) | (false, RpcMethods::Auto) => DenyUnsafe::No, + (_, RpcMethods::Unsafe) | (true, RpcMethods::Auto) => DenyUnsafe::No, _ => DenyUnsafe::Yes, } }