From a6cbc965a0257a33f6902bb6ba7cacd1598ac08e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomasz=20Drwi=C4=99ga?= Date: Tue, 16 Apr 2019 12:57:51 +0200 Subject: [PATCH] Disable CORS when running in --dev (#2291) * Disable cors in dev mode, * Whitelist substrate-ui. * Fix build. * Update docs. --- substrate/core/cli/src/lib.rs | 17 ++++++++++++----- substrate/core/cli/src/params.rs | 3 ++- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/substrate/core/cli/src/lib.rs b/substrate/core/cli/src/lib.rs index 40eb15296e..31a2427669 100644 --- a/substrate/core/cli/src/lib.rs +++ b/substrate/core/cli/src/lib.rs @@ -475,11 +475,18 @@ where config.rpc_ws = Some( parse_address(&format!("{}:{}", ws_interface, 9944), cli.ws_port)? ); - config.rpc_cors = cli.rpc_cors.unwrap_or_else(|| Some(vec![ - "http://localhost:*".into(), - "https://localhost:*".into(), - "https://polkadot.js.org".into() - ])); + let is_dev = cli.shared_params.dev; + config.rpc_cors = cli.rpc_cors.unwrap_or_else(|| if is_dev { + log::warn!("Running in --dev mode, RPC CORS has been disabled."); + None + } else { + Some(vec![ + "http://localhost:*".into(), + "https://localhost:*".into(), + "https://polkadot.js.org".into(), + "https://substrate-ui.parity.io".into(), + ]) + }); // Override telemetry if cli.no_telemetry { diff --git a/substrate/core/cli/src/params.rs b/substrate/core/cli/src/params.rs index 934fb15889..0c4f0bfd64 100644 --- a/substrate/core/cli/src/params.rs +++ b/substrate/core/cli/src/params.rs @@ -332,7 +332,8 @@ pub struct RunCmd { /// Specify browser Origins allowed to access the HTTP & WS RPC servers. /// It's a comma-separated list of origins (protocol://domain or special `null` value). /// Value of `all` will disable origin validation. - /// Default is to allow localhost and https://polkadot.js.org origin. + /// Default is to allow localhost, https://polkadot.js.org and https://substrate-ui.parity.io origins. + /// When running in --dev mode the default is to allow all origins. #[structopt(long = "rpc-cors", value_name = "ORIGINS", parse(try_from_str = "parse_cors"))] pub rpc_cors: Option>>,