From 9ea2ce4b8fb80ef289aaec1e48589893bfb45f2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Federico=20Kunze=20K=C3=BCllmer?= <31522760+fedekunze@users.noreply.github.com> Date: Fri, 20 Aug 2021 06:58:03 -0400 Subject: [PATCH] server: remove cors config fron JSON-RPC (#465) --- docs/api/json-rpc/running_server.md | 17 ++++++++++++++--- server/config/config.go | 24 ++++++++++-------------- server/config/toml.go | 3 --- server/flags/flags.go | 11 +++++------ server/json_rpc.go | 2 +- server/start.go | 1 - 6 files changed, 30 insertions(+), 28 deletions(-) diff --git a/docs/api/json-rpc/running_server.md b/docs/api/json-rpc/running_server.md index 1e8c0e64..03b7f8e1 100644 --- a/docs/api/json-rpc/running_server.md +++ b/docs/api/json-rpc/running_server.md @@ -36,8 +36,19 @@ ethermintd start --json-rpc.gas-cap 0 ## CORS -If accessing the RPC from a browser, CORS will need to be enabled with the appropriate domain set. Otherwise, JavaScript calls are limit by the same-origin policy and requests will fail: +If accessing the RPC from a browser, CORS will need to be enabled with the appropriate domain set. Otherwise, JavaScript calls are limit by the same-origin policy and requests will fail. -```bash -ethermintd start --json-rpc.enable-unsafe-cors +The CORS setting can be updated from the `app.toml` + +```toml +############################################################################### +### API Configuration ### +############################################################################### + +[api] + +# ... + +# EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk). +enabled-unsafe-cors = true # default false ``` diff --git a/server/config/config.go b/server/config/config.go index cd27c085..27b77662 100644 --- a/server/config/config.go +++ b/server/config/config.go @@ -114,8 +114,6 @@ type JSONRPCConfig struct { API []string `mapstructure:"api"` // Enable defines if the EVM RPC server should be enabled. Enable bool `mapstructure:"enable"` - // EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk) - EnableUnsafeCORS bool `mapstructure:"enable-unsafe-cors"` // GasCap is the global gas cap for eth-call variants. GasCap uint64 `mapstructure:"gas-cap"` } @@ -142,12 +140,11 @@ func (c JSONRPCConfig) Validate() error { // DefaultJSONRPCConfig returns an EVM config with the JSON-RPC API enabled by default func DefaultJSONRPCConfig() *JSONRPCConfig { return &JSONRPCConfig{ - Enable: true, - API: GetDefaultAPINamespaces(), - Address: DefaultJSONRPCAddress, - WsAddress: DefaultJSONRPCWsAddress, - EnableUnsafeCORS: false, - GasCap: DefaultGasCap, + Enable: true, + API: GetDefaultAPINamespaces(), + Address: DefaultJSONRPCAddress, + WsAddress: DefaultJSONRPCWsAddress, + GasCap: DefaultGasCap, } } @@ -170,12 +167,11 @@ func GetConfig(v *viper.Viper) Config { Tracer: v.GetString("evm.tracer"), }, JSONRPC: JSONRPCConfig{ - Enable: v.GetBool("json-rpc.enable"), - API: v.GetStringSlice("json-rpc.api"), - Address: v.GetString("json-rpc.address"), - WsAddress: v.GetString("json-rpc.ws-address"), - EnableUnsafeCORS: v.GetBool("json-rpc.enable-unsafe-cors"), - GasCap: v.GetUint64("json-rpc.gas-cap"), + Enable: v.GetBool("json-rpc.enable"), + API: v.GetStringSlice("json-rpc.api"), + Address: v.GetString("json-rpc.address"), + WsAddress: v.GetString("json-rpc.ws-address"), + GasCap: v.GetUint64("json-rpc.gas-cap"), }, } } diff --git a/server/config/toml.go b/server/config/toml.go index 561a4007..6b0e3f0a 100644 --- a/server/config/toml.go +++ b/server/config/toml.go @@ -32,9 +32,6 @@ ws-address = "{{ .JSONRPC.WsAddress }}" # Example: "eth,txpool,personal,net,debug,web3" api = "{{range $index, $elmt := .JSONRPC.API}}{{if $index}},{{$elmt}}{{else}}{{$elmt}}{{end}}{{end}}" -# EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk) -enable-unsafe-cors = "{{ .JSONRPC.EnableUnsafeCORS }}" - # GasCap sets a cap on gas that can be used in eth_call/estimateGas (0=infinite). Default: 25,000,000. gas-cap = {{ .JSONRPC.GasCap }} ` diff --git a/server/flags/flags.go b/server/flags/flags.go index b23edf9e..944f1f96 100644 --- a/server/flags/flags.go +++ b/server/flags/flags.go @@ -26,12 +26,11 @@ const ( // JSON-RPC flags const ( - JSONRPCEnable = "json-rpc.enable" - JSONRPCAPI = "json-rpc.api" - JSONRPCAddress = "json-rpc.address" - JSONWsAddress = "json-rpc.ws-address" - JSONEnableUnsafeCORS = "json-rpc.enable-unsafe-cors" - JSONRPCGasCap = "json-rpc.gas-cap" + JSONRPCEnable = "json-rpc.enable" + JSONRPCAPI = "json-rpc.api" + JSONRPCAddress = "json-rpc.address" + JSONWsAddress = "json-rpc.ws-address" + JSONRPCGasCap = "json-rpc.gas-cap" ) // EVM flags diff --git a/server/json_rpc.go b/server/json_rpc.go index 23043fc0..0b9046fd 100644 --- a/server/json_rpc.go +++ b/server/json_rpc.go @@ -41,7 +41,7 @@ func StartJSONRPC(ctx *server.Context, clientCtx client.Context, tmRPCAddr strin r.HandleFunc("/", rpcServer.ServeHTTP).Methods("POST") handlerWithCors := cors.Default() - if config.JSONRPC.EnableUnsafeCORS { + if config.API.EnableUnsafeCORS { handlerWithCors = cors.AllowAll() } diff --git a/server/start.go b/server/start.go index cbda3654..a99fdc71 100644 --- a/server/start.go +++ b/server/start.go @@ -143,7 +143,6 @@ which accepts a path for the resulting pprof file. cmd.Flags().StringSlice(srvflags.JSONRPCAPI, config.GetDefaultAPINamespaces(), "Defines a list of JSON-RPC namespaces that should be enabled") cmd.Flags().String(srvflags.JSONRPCAddress, config.DefaultJSONRPCAddress, "the JSON-RPC server address to listen on") cmd.Flags().String(srvflags.JSONWsAddress, config.DefaultJSONRPCWsAddress, "the JSON-RPC WS server address to listen on") - cmd.Flags().Bool(srvflags.JSONEnableUnsafeCORS, false, "Define if the JSON-RPC server should enabled CORS (unsafe - use it at your own risk)") cmd.Flags().Uint64(srvflags.JSONRPCGasCap, config.DefaultGasCap, "Sets a cap on gas that can be used in eth_call/estimateGas (0=infinite)") cmd.Flags().String(srvflags.EVMTracer, config.DefaultEVMTracer, "the EVM tracer type to collect execution traces from the EVM transaction execution (json|struct|access_list|markdown)")