Stop allowing CORS for the JSON-RPC server

As far as I can tell, there is no need to allow this, and doing so poses severe security risks (see #3374).
2018-01-06 08:42:54 +02:00 · 2018-01-06 08:42:54 +02:00 · fdd10bfb60
parent b4e43754e0
commit fdd10bfb60
1 changed files with 2 additions and 15 deletions
--- a/lib/daemon.py
+++ b/lib/daemon.py
@ -28,7 +28,7 @@ import time

 # from jsonrpc import JSONRPCResponseManager
 import jsonrpclib
-from jsonrpclib.SimpleJSONRPCServer import SimpleJSONRPCServer, SimpleJSONRPCRequestHandler
+from jsonrpclib.SimpleJSONRPCServer import SimpleJSONRPCServer

 from .version import ELECTRUM_VERSION
 from .network import Network
@ -87,19 +87,6 @@ def get_server(config):
        time.sleep(1.0)


-class RequestHandler(SimpleJSONRPCRequestHandler):
-
-     def do_OPTIONS(self):
-         self.send_response(200)
-         self.end_headers()
-
-     def end_headers(self):
-         self.send_header("Access-Control-Allow-Headers",
-                          "Origin, X-Requested-With, Content-Type, Accept")
-         self.send_header("Access-Control-Allow-Origin", "*")
-         SimpleJSONRPCRequestHandler.end_headers(self)
-
-
 class Daemon(DaemonThread):

    def __init__(self, config, fd):
@ -124,7 +111,7 @@ class Daemon(DaemonThread):
        host = config.get('rpchost', '127.0.0.1')
        port = config.get('rpcport', 0)
        try:
-            server = SimpleJSONRPCServer((host, port), logRequests=False, requestHandler=RequestHandler)
+            server = SimpleJSONRPCServer((host, port), logRequests=False)
        except Exception as e:
            self.print_error('Warning: cannot initialize RPC server on host', host, e)
            self.server = None