From 3f142d05613d6ebe8a74cee0e652ff6abe9ce095 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20Drwi=C4=99ga?= <tomusdrw@users.noreply.github.com>
Date: Wed, 26 Jun 2019 18:10:31 +0200
Subject: [PATCH] Enable hosts filtering. (#2959)

---
 substrate/core/rpc-servers/src/lib.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/substrate/core/rpc-servers/src/lib.rs b/substrate/core/rpc-servers/src/lib.rs
index adf560ce5a..37ea833537 100644
--- a/substrate/core/rpc-servers/src/lib.rs
+++ b/substrate/core/rpc-servers/src/lib.rs
@@ -66,6 +66,7 @@ pub fn start_http(
 	http::ServerBuilder::new(io)
 		.threads(4)
 		.health_api(("/health", "system_health"))
+		.allowed_hosts(hosts_filtering(cors.is_some()))
 		.rest_api(if cors.is_some() {
 			http::RestApi::Secure
 		} else {
@@ -87,6 +88,7 @@ pub fn start_ws(
 		.max_payload(MAX_PAYLOAD)
 		.max_connections(max_connections.unwrap_or(WS_MAX_CONNECTIONS))
 		.allowed_origins(map_cors(cors))
+		.allowed_hosts(hosts_filtering(cors.is_some()))
 		.start(addr)
 		.map_err(|err| match err {
 			ws::Error::Io(io) => io,
@@ -103,3 +105,14 @@ fn map_cors<T: for<'a> From<&'a str>>(
 ) -> http::DomainsValidation<T> {
 	cors.map(|x| x.iter().map(AsRef::as_ref).map(Into::into).collect::<Vec<_>>()).into()
 }
+
+fn hosts_filtering(enable: bool) -> http::DomainsValidation<http::Host> {
+	if enable {
+		// NOTE The listening address is whitelisted by default.
+		// Setting an empty vector here enables the validation
+		// and allows only the listening address.
+		http::DomainsValidation::AllowOnly(vec![])
+	} else {
+		http::DomainsValidation::Disabled
+	}
+}