Merge branch 'tgerring-hexify' into develop

2015-04-01 12:51:44 +02:00 · 2015-04-01 12:51:44 +02:00 · dba9b83aa0
parent 4e8f8cfab7 b0e09ec827
commit dba9b83aa0
29 changed files with 1725 additions and 326 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -90,6 +90,10 @@
 			"ImportPath": "github.com/robertkrimen/otto/token",
 			"Rev": "dea31a3d392779af358ec41f77a07fcc7e9d04ba"
 		},
+		{
+			"ImportPath": "github.com/rs/cors",
+			"Rev": "6e0c3cb65fc0fdb064c743d176a620e3ca446dfb"
+		},
 		{
 			"ImportPath": "github.com/syndtr/goleveldb/leveldb",
 			"Rev": "832fa7ed4d28545eab80f19e1831fc004305cade"
--- a/Godeps/_workspace/src/github.com/rs/cors/.travis.yml
+++ b/Godeps/_workspace/src/github.com/rs/cors/.travis.yml
@ -0,0 +1,4 @@
+language: go
+go:
+- 1.3
+- 1.4
--- a/Godeps/_workspace/src/github.com/rs/cors/LICENSE
+++ b/Godeps/_workspace/src/github.com/rs/cors/LICENSE
@ -0,0 +1,19 @@
+Copyright (c) 2014 Olivier Poitrey <rs@dailymotion.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
--- a/Godeps/_workspace/src/github.com/rs/cors/README.md
+++ b/Godeps/_workspace/src/github.com/rs/cors/README.md
@ -0,0 +1,84 @@
+# Go CORS handler [![godoc](http://img.shields.io/badge/godoc-reference-blue.svg?style=flat)](https://godoc.org/github.com/rs/cors) [![license](http://img.shields.io/badge/license-MIT-red.svg?style=flat)](https://raw.githubusercontent.com/rs/cors/master/LICENSE) [![build](https://img.shields.io/travis/rs/cors.svg?style=flat)](https://travis-ci.org/rs/cors)
+
+CORS is a `net/http` handler implementing [Cross Origin Resource Sharing W3 specification](http://www.w3.org/TR/cors/) in Golang.
+
+## Getting Started
+
+After installing Go and setting up your [GOPATH](http://golang.org/doc/code.html#GOPATH), create your first `.go` file. We'll call it `server.go`.
+
+```go
+package main
+
+import (
+    "net/http"
+
+    "github.com/rs/cors"
+)
+
+func main() {
+    h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        w.Header().Set("Content-Type", "application/json")
+        w.Write([]byte("{\"hello\": \"world\"}"))
+    })
+
+    // cors.Default() setup the middleware with default options being
+    // all origins accepted with simple methods (GET, POST). See
+    // documentation below for more options.
+    handler = cors.Default().Handler(h)
+    http.ListenAndServe(":8080", handler)
+}
+```
+
+Install `cors`:
+
+    go get github.com/rs/cors
+
+Then run your server:
+
+    go run server.go
+
+The server now runs on `localhost:8080`:
+
+    $ curl -D - -H 'Origin: http://foo.com' http://localhost:8080/
+    HTTP/1.1 200 OK
+    Access-Control-Allow-Origin: foo.com
+    Content-Type: application/json
+    Date: Sat, 25 Oct 2014 03:43:57 GMT
+    Content-Length: 18
+
+    {"hello": "world"}
+
+### More Examples
+
+* `net/http`: [examples/nethttp/server.go](https://github.com/rs/cors/blob/master/examples/nethttp/server.go)
+* [Goji](https://goji.io): [examples/goji/server.go](https://github.com/rs/cors/blob/master/examples/goji/server.go)
+* [Martini](http://martini.codegangsta.io): [examples/martini/server.go](https://github.com/rs/cors/blob/master/examples/martini/server.go)
+* [Negroni](https://github.com/codegangsta/negroni): [examples/negroni/server.go](https://github.com/rs/cors/blob/master/examples/negroni/server.go)
+* [Alice](https://github.com/justinas/alice): [examples/alice/server.go](https://github.com/rs/cors/blob/master/examples/alice/server.go)
+
+## Parameters
+
+Parameters are passed to the middleware thru the `cors.New` method as follow:
+
+```go
+c := cors.New(cors.Options{
+    AllowedOrigins: []string{"http://foo.com"},
+    AllowCredentials: true,
+})
+
+// Insert the middleware
+handler = c.Handler(handler)
+```
+
+* **AllowedOrigins** `[]string`: A list of origins a cross-domain request can be executed from. If the special `*` value is present in the list, all origins will be allowed. The default value is `*`.
+* **AllowedMethods** `[]string`: A list of methods the client is allowed to use with cross-domain requests.
+* **AllowedHeaders** `[]string`: A list of non simple headers the client is allowed to use with cross-domain requests. Default value is simple methods (`GET` and `POST`)
+* **ExposedHeaders** `[]string`: Indicates which headers are safe to expose to the API of a CORS API specification
+* **AllowCredentials** `bool`: Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates. The default is `false`.
+* **MaxAge** `int`: Indicates how long (in seconds) the results of a preflight request can be cached. The default is `0` which stands for no max age.
+
+See [API documentation](http://godoc.org/github.com/rs/cors) for more info.
+
+## Licenses
+
+All source code is licensed under the [MIT License](https://raw.github.com/rs/cors/master/LICENSE).
--- a/Godeps/_workspace/src/github.com/rs/cors/bench_test.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/bench_test.go
@ -0,0 +1,37 @@
+package cors
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func BenchmarkWithout(b *testing.B) {
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
+
+	for i := 0; i < b.N; i++ {
+		testHandler.ServeHTTP(res, req)
+	}
+}
+
+func BenchmarkDefault(b *testing.B) {
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
+	handler := Default()
+
+	for i := 0; i < b.N; i++ {
+		handler.Handler(testHandler).ServeHTTP(res, req)
+	}
+}
+
+func BenchmarkPreflight(b *testing.B) {
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
+	req.Header.Add("Access-Control-Request-Method", "GET")
+	handler := Default()
+
+	for i := 0; i < b.N; i++ {
+		handler.Handler(testHandler).ServeHTTP(res, req)
+	}
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/cors.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/cors.go
@ -0,0 +1,308 @@
+/*
+Package cors is net/http handler to handle CORS related requests
+as defined by http://www.w3.org/TR/cors/
+
+You can configure it by passing an option struct to cors.New:
+
+    c := cors.New(cors.Options{
+        AllowedOrigins: []string{"foo.com"},
+        AllowedMethods: []string{"GET", "POST", "DELETE"},
+        AllowCredentials: true,
+    })
+
+Then insert the handler in the chain:
+
+    handler = c.Handler(handler)
+
+See Options documentation for more options.
+
+The resulting handler is a standard net/http handler.
+*/
+package cors
+
+import (
+	"log"
+	"net/http"
+	"os"
+	"strconv"
+	"strings"
+)
+
+// Options is a configuration container to setup the CORS middleware.
+type Options struct {
+	// AllowedOrigins is a list of origins a cross-domain request can be executed from.
+	// If the special "*" value is present in the list, all origins will be allowed.
+	// Default value is ["*"]
+	AllowedOrigins []string
+	// AllowedMethods is a list of methods the client is allowed to use with
+	// cross-domain requests. Default value is simple methods (GET and POST)
+	AllowedMethods []string
+	// AllowedHeaders is list of non simple headers the client is allowed to use with
+	// cross-domain requests.
+	// If the special "*" value is present in the list, all headers will be allowed.
+	// Default value is [] but "Origin" is always appended to the list.
+	AllowedHeaders []string
+	// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
+	// API specification
+	ExposedHeaders []string
+	// AllowCredentials indicates whether the request can include user credentials like
+	// cookies, HTTP authentication or client side SSL certificates.
+	AllowCredentials bool
+	// MaxAge indicates how long (in seconds) the results of a preflight request
+	// can be cached
+	MaxAge int
+	// Debugging flag adds additional output to debug server side CORS issues
+	Debug bool
+	// log object to use when debugging
+	log *log.Logger
+}
+
+type Cors struct {
+	// The CORS Options
+	options Options
+}
+
+// New creates a new Cors handler with the provided options.
+func New(options Options) *Cors {
+	// Normalize options
+	// Note: for origins and methods matching, the spec requires a case-sensitive matching.
+	// As it may error prone, we chose to ignore the spec here.
+	normOptions := Options{
+		AllowedOrigins: convert(options.AllowedOrigins, strings.ToLower),
+		AllowedMethods: convert(options.AllowedMethods, strings.ToUpper),
+		// Origin is always appended as some browsers will always request
+		// for this header at preflight
+		AllowedHeaders:   convert(append(options.AllowedHeaders, "Origin"), http.CanonicalHeaderKey),
+		ExposedHeaders:   convert(options.ExposedHeaders, http.CanonicalHeaderKey),
+		AllowCredentials: options.AllowCredentials,
+		MaxAge:           options.MaxAge,
+		Debug:            options.Debug,
+		log:              log.New(os.Stdout, "[cors] ", log.LstdFlags),
+	}
+	if len(normOptions.AllowedOrigins) == 0 {
+		// Default is all origins
+		normOptions.AllowedOrigins = []string{"*"}
+	}
+	if len(normOptions.AllowedHeaders) == 1 {
+		// Add some sensible defaults
+		normOptions.AllowedHeaders = []string{"Origin", "Accept", "Content-Type"}
+	}
+	if len(normOptions.AllowedMethods) == 0 {
+		// Default is simple methods
+		normOptions.AllowedMethods = []string{"GET", "POST"}
+	}
+
+	if normOptions.Debug {
+		normOptions.log.Printf("Options: %v", normOptions)
+	}
+	return &Cors{
+		options: normOptions,
+	}
+}
+
+// Default creates a new Cors handler with default options
+func Default() *Cors {
+	return New(Options{})
+}
+
+// Handler apply the CORS specification on the request, and add relevant CORS headers
+// as necessary.
+func (cors *Cors) Handler(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == "OPTIONS" {
+			cors.logf("Handler: Preflight request")
+			cors.handlePreflight(w, r)
+			// Preflight requests are standalone and should stop the chain as some other
+			// middleware may not handle OPTIONS requests correctly. One typical example
+			// is authentication middleware ; OPTIONS requests won't carry authentication
+			// headers (see #1)
+		} else {
+			cors.logf("Handler: Actual request")
+			cors.handleActualRequest(w, r)
+			h.ServeHTTP(w, r)
+		}
+	})
+}
+
+// Martini compatible handler
+func (cors *Cors) HandlerFunc(w http.ResponseWriter, r *http.Request) {
+	if r.Method == "OPTIONS" {
+		cors.logf("HandlerFunc: Preflight request")
+		cors.handlePreflight(w, r)
+	} else {
+		cors.logf("HandlerFunc: Actual request")
+		cors.handleActualRequest(w, r)
+	}
+}
+
+// Negroni compatible interface
+func (cors *Cors) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+	if r.Method == "OPTIONS" {
+		cors.logf("ServeHTTP: Preflight request")
+		cors.handlePreflight(w, r)
+		// Preflight requests are standalone and should stop the chain as some other
+		// middleware may not handle OPTIONS requests correctly. One typical example
+		// is authentication middleware ; OPTIONS requests won't carry authentication
+		// headers (see #1)
+	} else {
+		cors.logf("ServeHTTP: Actual request")
+		cors.handleActualRequest(w, r)
+		next(w, r)
+	}
+}
+
+// handlePreflight handles pre-flight CORS requests
+func (cors *Cors) handlePreflight(w http.ResponseWriter, r *http.Request) {
+	options := cors.options
+	headers := w.Header()
+	origin := r.Header.Get("Origin")
+
+	if r.Method != "OPTIONS" {
+		cors.logf("  Preflight aborted: %s!=OPTIONS", r.Method)
+		return
+	}
+	if origin == "" {
+		cors.logf("  Preflight aborted: empty origin")
+		return
+	}
+	if !cors.isOriginAllowed(origin) {
+		cors.logf("  Preflight aborted: origin '%s' not allowed", origin)
+		return
+	}
+
+	reqMethod := r.Header.Get("Access-Control-Request-Method")
+	if !cors.isMethodAllowed(reqMethod) {
+		cors.logf("  Preflight aborted: method '%s' not allowed", reqMethod)
+		return
+	}
+	reqHeaders := parseHeaderList(r.Header.Get("Access-Control-Request-Headers"))
+	if !cors.areHeadersAllowed(reqHeaders) {
+		cors.logf("  Preflight aborted: headers '%v' not allowed", reqHeaders)
+		return
+	}
+	headers.Set("Access-Control-Allow-Origin", origin)
+	headers.Add("Vary", "Origin")
+	// Spec says: Since the list of methods can be unbounded, simply returning the method indicated
+	// by Access-Control-Request-Method (if supported) can be enough
+	headers.Set("Access-Control-Allow-Methods", strings.ToUpper(reqMethod))
+	if len(reqHeaders) > 0 {
+
+		// Spec says: Since the list of headers can be unbounded, simply returning supported headers
+		// from Access-Control-Request-Headers can be enough
+		headers.Set("Access-Control-Allow-Headers", strings.Join(reqHeaders, ", "))
+	}
+	if options.AllowCredentials {
+		headers.Set("Access-Control-Allow-Credentials", "true")
+	}
+	if options.MaxAge > 0 {
+		headers.Set("Access-Control-Max-Age", strconv.Itoa(options.MaxAge))
+	}
+	cors.logf("  Preflight response headers: %v", headers)
+}
+
+// handleActualRequest handles simple cross-origin requests, actual request or redirects
+func (cors *Cors) handleActualRequest(w http.ResponseWriter, r *http.Request) {
+	options := cors.options
+	headers := w.Header()
+	origin := r.Header.Get("Origin")
+
+	if r.Method == "OPTIONS" {
+		cors.logf("  Actual request no headers added: method == %s", r.Method)
+		return
+	}
+	if origin == "" {
+		cors.logf("  Actual request no headers added: missing origin")
+		return
+	}
+	if !cors.isOriginAllowed(origin) {
+		cors.logf("  Actual request no headers added: origin '%s' not allowed", origin)
+		return
+	}
+
+	// Note that spec does define a way to specifically disallow a simple method like GET or
+	// POST. Access-Control-Allow-Methods is only used for pre-flight requests and the
+	// spec doesn't instruct to check the allowed methods for simple cross-origin requests.
+	// We think it's a nice feature to be able to have control on those methods though.
+	if !cors.isMethodAllowed(r.Method) {
+		if cors.options.Debug {
+			cors.logf("  Actual request no headers added: method '%s' not allowed",
+				r.Method)
+		}
+
+		return
+	}
+	headers.Set("Access-Control-Allow-Origin", origin)
+	headers.Add("Vary", "Origin")
+	if len(options.ExposedHeaders) > 0 {
+		headers.Set("Access-Control-Expose-Headers", strings.Join(options.ExposedHeaders, ", "))
+	}
+	if options.AllowCredentials {
+		headers.Set("Access-Control-Allow-Credentials", "true")
+	}
+	cors.logf("  Actual response added headers: %v", headers)
+}
+
+// convenience method. checks if debugging is turned on before printing
+func (cors *Cors) logf(format string, a ...interface{}) {
+	if cors.options.Debug {
+		cors.options.log.Printf(format, a...)
+	}
+}
+
+// isOriginAllowed checks if a given origin is allowed to perform cross-domain requests
+// on the endpoint
+func (cors *Cors) isOriginAllowed(origin string) bool {
+	allowedOrigins := cors.options.AllowedOrigins
+	origin = strings.ToLower(origin)
+	for _, allowedOrigin := range allowedOrigins {
+		switch allowedOrigin {
+		case "*":
+			return true
+		case origin:
+			return true
+		}
+	}
+	return false
+}
+
+// isMethodAllowed checks if a given method can be used as part of a cross-domain request
+// on the endpoing
+func (cors *Cors) isMethodAllowed(method string) bool {
+	allowedMethods := cors.options.AllowedMethods
+	if len(allowedMethods) == 0 {
+		// If no method allowed, always return false, even for preflight request
+		return false
+	}
+	method = strings.ToUpper(method)
+	if method == "OPTIONS" {
+		// Always allow preflight requests
+		return true
+	}
+	for _, allowedMethod := range allowedMethods {
+		if allowedMethod == method {
+			return true
+		}
+	}
+	return false
+}
+
+// areHeadersAllowed checks if a given list of headers are allowed to used within
+// a cross-domain request.
+func (cors *Cors) areHeadersAllowed(requestedHeaders []string) bool {
+	if len(requestedHeaders) == 0 {
+		return true
+	}
+	for _, header := range requestedHeaders {
+		found := false
+		for _, allowedHeader := range cors.options.AllowedHeaders {
+			if allowedHeader == "*" || allowedHeader == header {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return false
+		}
+	}
+	return true
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/cors_test.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/cors_test.go
@ -0,0 +1,288 @@
+package cors
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+var testHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	w.Write([]byte("bar"))
+})
+
+func assertHeaders(t *testing.T, resHeaders http.Header, reqHeaders map[string]string) {
+	for name, value := range reqHeaders {
+		if resHeaders.Get(name) != value {
+			t.Errorf("Invalid header `%s', wanted `%s', got `%s'", name, value, resHeaders.Get(name))
+		}
+	}
+}
+
+func TestNoConfig(t *testing.T) {
+	s := New(Options{
+	// Intentionally left blank.
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "",
+		"Access-Control-Allow-Methods":     "",
+		"Access-Control-Allow-Headers":     "",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestWildcardOrigin(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"*"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "http://foobar.com",
+		"Access-Control-Allow-Methods":     "",
+		"Access-Control-Allow-Headers":     "",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestAllowedOrigin(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"http://foobar.com"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "http://foobar.com",
+		"Access-Control-Allow-Methods":     "",
+		"Access-Control-Allow-Headers":     "",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestDisallowedOrigin(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"http://foobar.com"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://barbaz.com")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "",
+		"Access-Control-Allow-Methods":     "",
+		"Access-Control-Allow-Headers":     "",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestAllowedMethod(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"http://foobar.com"},
+		AllowedMethods: []string{"PUT", "DELETE"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+	req.Header.Add("Access-Control-Request-Method", "PUT")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "http://foobar.com",
+		"Access-Control-Allow-Methods":     "PUT",
+		"Access-Control-Allow-Headers":     "",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestDisallowedMethod(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"http://foobar.com"},
+		AllowedMethods: []string{"PUT", "DELETE"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+	req.Header.Add("Access-Control-Request-Method", "PATCH")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "",
+		"Access-Control-Allow-Methods":     "",
+		"Access-Control-Allow-Headers":     "",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestAllowedHeader(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"http://foobar.com"},
+		AllowedHeaders: []string{"X-Header-1", "x-header-2"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+	req.Header.Add("Access-Control-Request-Method", "GET")
+	req.Header.Add("Access-Control-Request-Headers", "X-Header-2, X-HEADER-1")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "http://foobar.com",
+		"Access-Control-Allow-Methods":     "GET",
+		"Access-Control-Allow-Headers":     "X-Header-2, X-Header-1",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestAllowedWildcardHeader(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"http://foobar.com"},
+		AllowedHeaders: []string{"*"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+	req.Header.Add("Access-Control-Request-Method", "GET")
+	req.Header.Add("Access-Control-Request-Headers", "X-Header-2, X-HEADER-1")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "http://foobar.com",
+		"Access-Control-Allow-Methods":     "GET",
+		"Access-Control-Allow-Headers":     "X-Header-2, X-Header-1",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestDisallowedHeader(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"http://foobar.com"},
+		AllowedHeaders: []string{"X-Header-1", "x-header-2"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+	req.Header.Add("Access-Control-Request-Method", "GET")
+	req.Header.Add("Access-Control-Request-Headers", "X-Header-3, X-Header-1")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "",
+		"Access-Control-Allow-Methods":     "",
+		"Access-Control-Allow-Headers":     "",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestOriginHeader(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"http://foobar.com"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+	req.Header.Add("Access-Control-Request-Method", "GET")
+	req.Header.Add("Access-Control-Request-Headers", "origin")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "http://foobar.com",
+		"Access-Control-Allow-Methods":     "GET",
+		"Access-Control-Allow-Headers":     "Origin",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
+
+func TestExposedHeader(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins: []string{"http://foobar.com"},
+		ExposedHeaders: []string{"X-Header-1", "x-header-2"},
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "http://foobar.com",
+		"Access-Control-Allow-Methods":     "",
+		"Access-Control-Allow-Headers":     "",
+		"Access-Control-Allow-Credentials": "",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "X-Header-1, X-Header-2",
+	})
+}
+
+func TestAllowedCredentials(t *testing.T) {
+	s := New(Options{
+		AllowedOrigins:   []string{"http://foobar.com"},
+		AllowCredentials: true,
+	})
+
+	res := httptest.NewRecorder()
+	req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
+	req.Header.Add("Origin", "http://foobar.com")
+	req.Header.Add("Access-Control-Request-Method", "GET")
+
+	s.Handler(testHandler).ServeHTTP(res, req)
+
+	assertHeaders(t, res.Header(), map[string]string{
+		"Access-Control-Allow-Origin":      "http://foobar.com",
+		"Access-Control-Allow-Methods":     "GET",
+		"Access-Control-Allow-Headers":     "",
+		"Access-Control-Allow-Credentials": "true",
+		"Access-Control-Max-Age":           "",
+		"Access-Control-Expose-Headers":    "",
+	})
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/examples/alice/server.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/examples/alice/server.go
@ -0,0 +1,24 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/justinas/alice"
+	"github.com/rs/cors"
+)
+
+func main() {
+	c := cors.New(cors.Options{
+		AllowedOrigins: []string{"http://foo.com"},
+	})
+
+	mux := http.NewServeMux()
+
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte("{\"hello\": \"world\"}"))
+	})
+
+	chain := alice.New(c.Handler).Then(mux)
+	http.ListenAndServe(":8080", chain)
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/examples/default/server.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/examples/default/server.go
@ -0,0 +1,18 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/rs/cors"
+)
+
+func main() {
+	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte("{\"hello\": \"world\"}"))
+	})
+
+	// Use default options
+	handler := cors.Default().Handler(h)
+	http.ListenAndServe(":8080", handler)
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/examples/goji/server.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/examples/goji/server.go
@ -0,0 +1,22 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/rs/cors"
+	"github.com/zenazn/goji"
+)
+
+func main() {
+	c := cors.New(cors.Options{
+		AllowedOrigins: []string{"http://foo.com"},
+	})
+	goji.Use(c.Handler)
+
+	goji.Get("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte("{\"hello\": \"world\"}"))
+	})
+
+	goji.Serve()
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/examples/martini/server.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/examples/martini/server.go
@ -0,0 +1,23 @@
+package main
+
+import (
+	"github.com/go-martini/martini"
+	"github.com/martini-contrib/render"
+	"github.com/rs/cors"
+)
+
+func main() {
+	c := cors.New(cors.Options{
+		AllowedOrigins: []string{"http://foo.com"},
+	})
+
+	m := martini.Classic()
+	m.Use(render.Renderer())
+	m.Use(c.HandlerFunc)
+
+	m.Get("/", func(r render.Render) {
+		r.JSON(200, map[string]interface{}{"hello": "world"})
+	})
+
+	m.Run()
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/examples/negroni/server.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/examples/negroni/server.go
@ -0,0 +1,26 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/codegangsta/negroni"
+	"github.com/rs/cors"
+)
+
+func main() {
+	c := cors.New(cors.Options{
+		AllowedOrigins: []string{"http://foo.com"},
+	})
+
+	mux := http.NewServeMux()
+
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte("{\"hello\": \"world\"}"))
+	})
+
+	n := negroni.Classic()
+	n.Use(c)
+	n.UseHandler(mux)
+	n.Run(":3000")
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/examples/nethttp/server.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/examples/nethttp/server.go
@ -0,0 +1,20 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/rs/cors"
+)
+
+func main() {
+	c := cors.New(cors.Options{
+		AllowedOrigins: []string{"http://foo.com"},
+	})
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte("{\"hello\": \"world\"}"))
+	})
+
+	http.ListenAndServe(":8080", c.Handler(handler))
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/examples/openbar/server.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/examples/openbar/server.go
@ -0,0 +1,22 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/rs/cors"
+)
+
+func main() {
+	c := cors.New(cors.Options{
+		AllowedOrigins:   []string{"*"},
+		AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE"},
+		AllowCredentials: true,
+	})
+
+	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte("{\"hello\": \"world\"}"))
+	})
+
+	http.ListenAndServe(":8080", c.Handler(h))
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/utils.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/utils.go
@ -0,0 +1,27 @@
+package cors
+
+import (
+	"net/http"
+	"strings"
+)
+
+type converter func(string) string
+
+// convert converts a list of string using the passed converter function
+func convert(s []string, c converter) []string {
+	out := []string{}
+	for _, i := range s {
+		out = append(out, c(i))
+	}
+	return out
+}
+
+func parseHeaderList(headerList string) (headers []string) {
+	for _, header := range strings.Split(headerList, ",") {
+		header = http.CanonicalHeaderKey(strings.TrimSpace(header))
+		if header != "" {
+			headers = append(headers, header)
+		}
+	}
+	return headers
+}
--- a/Godeps/_workspace/src/github.com/rs/cors/utils_test.go
+++ b/Godeps/_workspace/src/github.com/rs/cors/utils_test.go
@ -0,0 +1,28 @@
+package cors
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestConvert(t *testing.T) {
+	s := convert([]string{"A", "b", "C"}, strings.ToLower)
+	e := []string{"a", "b", "c"}
+	if s[0] != e[0] || s[1] != e[1] || s[2] != e[2] {
+		t.Errorf("%v != %v", s, e)
+	}
+}
+
+func TestParseHeaderList(t *testing.T) {
+	h := parseHeaderList("header, second-header, THIRD-HEADER")
+	e := []string{"Header", "Second-Header", "Third-Header"}
+	if h[0] != e[0] || h[1] != e[1] || h[2] != e[2] {
+		t.Errorf("%v != %v", h, e)
+	}
+}
+
+func TestParseHeaderListEmpty(t *testing.T) {
+	if len(parseHeaderList("")) != 0 {
+		t.Error("should be empty sclice")
+	}
+}
--- a/cmd/geth/admin.go
+++ b/cmd/geth/admin.go
@ -2,8 +2,6 @@ package main

 import (
 	"fmt"
-	"net"
-	"net/http"
 	"os"
 	"time"

@ -70,12 +68,20 @@ func (js *jsre) startRPC(call otto.FunctionCall) otto.Value {
 		return otto.FalseValue()
 	}

-	l, err := net.Listen("tcp", fmt.Sprintf("%s:%d", addr, port))
+	config := rpc.RpcConfig{
+		ListenAddress: addr,
+		ListenPort:    uint(port),
+		// CorsDomain:    ctx.GlobalString(RPCCORSDomainFlag.Name),
+	}
+
+	xeth := xeth.New(js.ethereum, nil)
+	err = rpc.Start(xeth, config)
+
 	if err != nil {
-		fmt.Printf("Can't listen on %s:%d: %v", addr, port, err)
+		fmt.Printf(err.Error())
 		return otto.FalseValue()
 	}
-	go http.Serve(l, rpc.JSONRPC(xeth.New(js.ethereum, nil)))
+
 	return otto.TrueValue()
 }

--- a/cmd/geth/main.go
+++ b/cmd/geth/main.go
@ -233,6 +233,7 @@ JavaScript API. See https://github.com/ethereum/go-ethereum/wiki/Javascipt-Conso
 		utils.VMDebugFlag,
 		utils.ProtocolVersionFlag,
 		utils.NetworkIdFlag,
+		utils.RPCCORSDomainFlag,
 	}

 	// missing:
--- a/cmd/mist/main.go
+++ b/cmd/mist/main.go
@ -47,12 +47,19 @@ var (
 		Usage: "absolute path to GUI assets directory",
 		Value: common.DefaultAssetPath(),
 	}
+	rpcCorsFlag = utils.RPCCORSDomainFlag
 )

 func init() {
+	// Mist-specific default
+	if len(rpcCorsFlag.Value) == 0 {
+		rpcCorsFlag.Value = "http://localhost"
+	}
+
 	app.Action = run
 	app.Flags = []cli.Flag{
 		assetPathFlag,
+		rpcCorsFlag,

 		utils.BootnodesFlag,
 		utils.DataDirFlag,
--- a/cmd/utils/flags.go
+++ b/cmd/utils/flags.go
@ -2,9 +2,6 @@ package utils

 import (
 	"crypto/ecdsa"
-	"fmt"
-	"net"
-	"net/http"
 	"os"
 	"path"
 	"runtime"
@ -148,7 +145,11 @@ var (
 		Usage: "Port on which the JSON-RPC server should listen",
 		Value: 8545,
 	}
-
+	RPCCORSDomainFlag = cli.StringFlag{
+		Name:  "rpccorsdomain",
+		Usage: "Domain on which to send Access-Control-Allow-Origin header",
+		Value: "",
+	}
 	// Network Settings
 	MaxPeersFlag = cli.IntFlag{
 		Name:  "maxpeers",
@ -255,12 +256,12 @@ func GetAccountManager(ctx *cli.Context) *accounts.Manager {
 }

 func StartRPC(eth *eth.Ethereum, ctx *cli.Context) {
-	addr := ctx.GlobalString(RPCListenAddrFlag.Name)
-	port := ctx.GlobalInt(RPCPortFlag.Name)
-	fmt.Println("Starting RPC on port: ", port)
-	l, err := net.Listen("tcp", fmt.Sprintf("%s:%d", addr, port))
-	if err != nil {
-		Fatalf("Can't listen on %s:%d: %v", addr, port, err)
+	config := rpc.RpcConfig{
+		ListenAddress: ctx.GlobalString(RPCListenAddrFlag.Name),
+		ListenPort:    uint(ctx.GlobalInt(RPCPortFlag.Name)),
+		CorsDomain:    ctx.GlobalString(RPCCORSDomainFlag.Name),
 	}
-	go http.Serve(l, rpc.JSONRPC(xeth.New(eth, nil)))
+
+	xeth := xeth.New(eth, nil)
+	_ = rpc.Start(xeth, config)
 }
--- a/core/block_processor.go
+++ b/core/block_processor.go
@ -233,8 +233,9 @@ func (sm *BlockProcessor) processWithParent(block, parent *types.Block) (td *big
 		sm.txpool.RemoveSet(block.Transactions())
 	}

-	for _, tx := range block.Transactions() {
-		putTx(sm.extraDb, tx)
+	// This puts transactions in a extra db for rpc
+	for i, tx := range block.Transactions() {
+		putTx(sm.extraDb, tx, block, uint64(i))
 	}

 	if uncle {
@ -362,11 +363,26 @@ func (sm *BlockProcessor) GetLogs(block *types.Block) (logs state.Logs, err erro
 	return state.Logs(), nil
 }

-func putTx(db common.Database, tx *types.Transaction) {
+func putTx(db common.Database, tx *types.Transaction, block *types.Block, i uint64) {
 	rlpEnc, err := rlp.EncodeToBytes(tx)
 	if err != nil {
 		statelogger.Infoln("Failed encoding tx", err)
 		return
 	}
 	db.Put(tx.Hash().Bytes(), rlpEnc)
+
+	var txExtra struct {
+		BlockHash  common.Hash
+		BlockIndex uint64
+		Index      uint64
+	}
+	txExtra.BlockHash = block.Hash()
+	txExtra.BlockIndex = block.NumberU64()
+	txExtra.Index = i
+	rlpMeta, err := rlp.EncodeToBytes(txExtra)
+	if err != nil {
+		statelogger.Infoln("Failed encoding meta", err)
+		return
+	}
+	db.Put(append(tx.Hash().Bytes(), 0x0001), rlpMeta)
 }
--- a/rpc/api.go
+++ b/rpc/api.go
@ -54,7 +54,7 @@ func (api *EthereumApi) GetRequestReply(req *RpcRequest, reply *interface{}) err
 	case "net_peerCount":
 		v := api.xeth().PeerCount()
 		*reply = common.ToHex(big.NewInt(int64(v)).Bytes())
-	case "eth_version":
+	case "eth_protocolVersion":
 		*reply = api.xeth().EthVersion()
 	case "eth_coinbase":
 		// TODO handling of empty coinbase due to lack of accounts
@ -159,7 +159,7 @@ func (api *EthereumApi) GetRequestReply(req *RpcRequest, reply *interface{}) err
 		}
 		*reply = v
 	case "eth_call":
-		args := new(NewTxArgs)
+		args := new(CallArgs)
 		if err := json.Unmarshal(req.Params, &args); err != nil {
 			return err
 		}
@ -199,9 +199,13 @@ func (api *EthereumApi) GetRequestReply(req *RpcRequest, reply *interface{}) err
 		args := new(HashIndexArgs)
 		if err := json.Unmarshal(req.Params, &args); err != nil {
 		}
-		tx := api.xeth().EthTransactionByHash(args.Hash)
+		tx, bhash, bnum, txi := api.xeth().EthTransactionByHash(args.Hash)
 		if tx != nil {
-			*reply = NewTransactionRes(tx)
+			v := NewTransactionRes(tx)
+			v.BlockHash = newHexData(bhash)
+			v.BlockNumber = newHexNum(bnum)
+			v.TxIndex = newHexNum(txi)
+			*reply = v
 		}
 	case "eth_getTransactionByBlockHashAndIndex":
 		args := new(HashIndexArgs)
@ -213,7 +217,7 @@ func (api *EthereumApi) GetRequestReply(req *RpcRequest, reply *interface{}) err
 		br := NewBlockRes(block)
 		br.fullTx = true

-		if args.Index > int64(len(br.Transactions)) || args.Index < 0 {
+		if args.Index >= int64(len(br.Transactions)) || args.Index < 0 {
 			return NewValidationError("Index", "does not exist")
 		}
 		*reply = br.Transactions[args.Index]
@ -227,7 +231,7 @@ func (api *EthereumApi) GetRequestReply(req *RpcRequest, reply *interface{}) err
 		v := NewBlockRes(block)
 		v.fullTx = true

-		if args.Index > int64(len(v.Transactions)) || args.Index < 0 {
+		if args.Index >= int64(len(v.Transactions)) || args.Index < 0 {
 			return NewValidationError("Index", "does not exist")
 		}
 		*reply = v.Transactions[args.Index]
@ -239,12 +243,12 @@ func (api *EthereumApi) GetRequestReply(req *RpcRequest, reply *interface{}) err

 		br := NewBlockRes(api.xeth().EthBlockByHash(args.Hash))

-		if args.Index > int64(len(br.Uncles)) || args.Index < 0 {
+		if args.Index >= int64(len(br.Uncles)) || args.Index < 0 {
 			return NewValidationError("Index", "does not exist")
 		}

 		uhash := br.Uncles[args.Index]
-		uncle := NewBlockRes(api.xeth().EthBlockByHash(uhash.Hex()))
+		uncle := NewBlockRes(api.xeth().EthBlockByHash(uhash.String()))

 		*reply = uncle
 	case "eth_getUncleByBlockNumberAndIndex":
@ -257,12 +261,12 @@ func (api *EthereumApi) GetRequestReply(req *RpcRequest, reply *interface{}) err
 		v := NewBlockRes(block)
 		v.fullTx = true

-		if args.Index > int64(len(v.Uncles)) || args.Index < 0 {
+		if args.Index >= int64(len(v.Uncles)) || args.Index < 0 {
 			return NewValidationError("Index", "does not exist")
 		}

 		uhash := v.Uncles[args.Index]
-		uncle := NewBlockRes(api.xeth().EthBlockByHash(uhash.Hex()))
+		uncle := NewBlockRes(api.xeth().EthBlockByHash(uhash.String()))

 		*reply = uncle
 	case "eth_getCompilers":
--- a/rpc/args.go
+++ b/rpc/args.go
@ -238,6 +238,93 @@ func (args *NewTxArgs) UnmarshalJSON(b []byte) (err error) {
 	return nil
 }

+type CallArgs struct {
+	From     string
+	To       string
+	Value    *big.Int
+	Gas      *big.Int
+	GasPrice *big.Int
+	Data     string
+
+	BlockNumber int64
+}
+
+func (args *CallArgs) UnmarshalJSON(b []byte) (err error) {
+	var obj []json.RawMessage
+	var ext struct {
+		From     string
+		To       string
+		Value    interface{}
+		Gas      interface{}
+		GasPrice interface{}
+		Data     string
+	}
+
+	// Decode byte slice to array of RawMessages
+	if err := json.Unmarshal(b, &obj); err != nil {
+		return NewDecodeParamError(err.Error())
+	}
+
+	// Check for sufficient params
+	if len(obj) < 1 {
+		return NewInsufficientParamsError(len(obj), 1)
+	}
+
+	// Decode 0th RawMessage to temporary struct
+	if err := json.Unmarshal(obj[0], &ext); err != nil {
+		return NewDecodeParamError(err.Error())
+	}
+
+	if len(ext.From) == 0 {
+		return NewValidationError("from", "is required")
+	}
+	args.From = ext.From
+
+	if len(ext.To) == 0 {
+		return NewValidationError("to", "is required")
+	}
+	args.To = ext.To
+
+	var num int64
+	if ext.Value == nil {
+		num = int64(0)
+	} else {
+		if err := numString(ext.Value, &num); err != nil {
+			return err
+		}
+	}
+	args.Value = big.NewInt(num)
+
+	if ext.Gas == nil {
+		num = int64(0)
+	} else {
+		if err := numString(ext.Gas, &num); err != nil {
+			return err
+		}
+	}
+	args.Gas = big.NewInt(num)
+
+	if ext.GasPrice == nil {
+		num = int64(0)
+	} else {
+		if err := numString(ext.GasPrice, &num); err != nil {
+			return err
+		}
+	}
+	args.GasPrice = big.NewInt(num)
+
+	args.Data = ext.Data
+
+	// Check for optional BlockNumber param
+	if len(obj) > 1 {
+		if err := blockHeightFromJson(obj[1], &args.BlockNumber); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 type GetStorageArgs struct {
 	Address     string
 	BlockNumber int64
--- a/rpc/args_test.go
+++ b/rpc/args_test.go
@ -531,14 +531,275 @@ func TestNewTxArgsFromEmpty(t *testing.T) {
 	input := `[{"to": "0xb60e8dd61c5d32be8058bb8eb970870f07233155"}]`

 	args := new(NewTxArgs)
-	err := json.Unmarshal([]byte(input), &args)
-	switch err.(type) {
-	case nil:
-		t.Error("Expected error but didn't get one")
-	case *ValidationError:
-		break
-	default:
-		t.Errorf("Expected *rpc.ValidationError, but got %T with message `%s`", err, err.Error())
+	str := ExpectValidationError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
+	}
+}
+
+func TestCallArgs(t *testing.T) {
+	input := `[{"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155",
+  "to": "0xd46e8dd67c5d32be8058bb8eb970870f072445675",
+  "gas": "0x76c0",
+  "gasPrice": "0x9184e72a000",
+  "value": "0x9184e72a000",
+  "data": "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"},
+  "0x10"]`
+	expected := new(CallArgs)
+	expected.From = "0xb60e8dd61c5d32be8058bb8eb970870f07233155"
+	expected.To = "0xd46e8dd67c5d32be8058bb8eb970870f072445675"
+	expected.Gas = big.NewInt(30400)
+	expected.GasPrice = big.NewInt(10000000000000)
+	expected.Value = big.NewInt(10000000000000)
+	expected.Data = "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"
+	expected.BlockNumber = big.NewInt(16).Int64()
+
+	args := new(CallArgs)
+	if err := json.Unmarshal([]byte(input), &args); err != nil {
+		t.Error(err)
+	}
+
+	if expected.From != args.From {
+		t.Errorf("From shoud be %#v but is %#v", expected.From, args.From)
+	}
+
+	if expected.To != args.To {
+		t.Errorf("To shoud be %#v but is %#v", expected.To, args.To)
+	}
+
+	if bytes.Compare(expected.Gas.Bytes(), args.Gas.Bytes()) != 0 {
+		t.Errorf("Gas shoud be %#v but is %#v", expected.Gas.Bytes(), args.Gas.Bytes())
+	}
+
+	if bytes.Compare(expected.GasPrice.Bytes(), args.GasPrice.Bytes()) != 0 {
+		t.Errorf("GasPrice shoud be %#v but is %#v", expected.GasPrice, args.GasPrice)
+	}
+
+	if bytes.Compare(expected.Value.Bytes(), args.Value.Bytes()) != 0 {
+		t.Errorf("Value shoud be %#v but is %#v", expected.Value, args.Value)
+	}
+
+	if expected.Data != args.Data {
+		t.Errorf("Data shoud be %#v but is %#v", expected.Data, args.Data)
+	}
+
+	if expected.BlockNumber != args.BlockNumber {
+		t.Errorf("BlockNumber shoud be %#v but is %#v", expected.BlockNumber, args.BlockNumber)
+	}
+}
+
+func TestCallArgsInt(t *testing.T) {
+	input := `[{"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155",
+  "to": "0xd46e8dd67c5d32be8058bb8eb970870f072445675",
+  "gas": 100,
+  "gasPrice": 50,
+  "value": 8765456789,
+  "data": "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"},
+  5]`
+	expected := new(CallArgs)
+	expected.Gas = big.NewInt(100)
+	expected.GasPrice = big.NewInt(50)
+	expected.Value = big.NewInt(8765456789)
+	expected.BlockNumber = int64(5)
+
+	args := new(CallArgs)
+	if err := json.Unmarshal([]byte(input), &args); err != nil {
+		t.Error(err)
+	}
+
+	if bytes.Compare(expected.Gas.Bytes(), args.Gas.Bytes()) != 0 {
+		t.Errorf("Gas shoud be %v but is %v", expected.Gas, args.Gas)
+	}
+
+	if bytes.Compare(expected.GasPrice.Bytes(), args.GasPrice.Bytes()) != 0 {
+		t.Errorf("GasPrice shoud be %v but is %v", expected.GasPrice, args.GasPrice)
+	}
+
+	if bytes.Compare(expected.Value.Bytes(), args.Value.Bytes()) != 0 {
+		t.Errorf("Value shoud be %v but is %v", expected.Value, args.Value)
+	}
+
+	if expected.BlockNumber != args.BlockNumber {
+		t.Errorf("BlockNumber shoud be %v but is %v", expected.BlockNumber, args.BlockNumber)
+	}
+}
+
+func TestCallArgsBlockBool(t *testing.T) {
+	input := `[{"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155",
+  "to": "0xd46e8dd67c5d32be8058bb8eb970870f072445675",
+  "gas": "0x76c0",
+  "gasPrice": "0x9184e72a000",
+  "value": "0x9184e72a000",
+  "data": "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"},
+  false]`
+
+	args := new(CallArgs)
+	str := ExpectInvalidTypeError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
+	}
+}
+
+func TestCallArgsGasInvalid(t *testing.T) {
+	input := `[{"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155",
+  "to": "0xd46e8dd67c5d32be8058bb8eb970870f072445675",
+  "gas": false,
+  "gasPrice": "0x9184e72a000",
+  "value": "0x9184e72a000",
+  "data": "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"
+  }]`
+
+	args := new(CallArgs)
+	str := ExpectInvalidTypeError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
+	}
+}
+
+func TestCallArgsGaspriceInvalid(t *testing.T) {
+	input := `[{"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155",
+  "to": "0xd46e8dd67c5d32be8058bb8eb970870f072445675",
+  "gas": "0x76c0",
+  "gasPrice": false,
+  "value": "0x9184e72a000",
+  "data": "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"
+  }]`
+
+	args := new(CallArgs)
+	str := ExpectInvalidTypeError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
+	}
+}
+
+func TestCallArgsValueInvalid(t *testing.T) {
+	input := `[{"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155",
+  "to": "0xd46e8dd67c5d32be8058bb8eb970870f072445675",
+  "gas": "0x76c0",
+  "gasPrice": "0x9184e72a000",
+  "value": false,
+  "data": "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"
+	}]`
+
+	args := new(CallArgs)
+	str := ExpectInvalidTypeError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
+	}
+}
+
+func TestCallArgsGasMissing(t *testing.T) {
+	input := `[{"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155",
+  "to": "0xd46e8dd67c5d32be8058bb8eb970870f072445675",
+  "gasPrice": "0x9184e72a000",
+  "value": "0x9184e72a000",
+  "data": "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"
+  }]`
+
+	args := new(CallArgs)
+	if err := json.Unmarshal([]byte(input), &args); err != nil {
+		t.Error(err)
+	}
+
+	expected := new(CallArgs)
+	expected.Gas = big.NewInt(0)
+
+	if bytes.Compare(expected.Gas.Bytes(), args.Gas.Bytes()) != 0 {
+		t.Errorf("Gas shoud be %v but is %v", expected.Gas, args.Gas)
+	}
+
+}
+
+func TestCallArgsBlockGaspriceMissing(t *testing.T) {
+	input := `[{
+	"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155",
+  "to": "0xd46e8dd67c5d32be8058bb8eb970870f072445675",
+  "gas": "0x76c0",
+  "value": "0x9184e72a000",
+  "data": "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"
+  }]`
+
+	args := new(CallArgs)
+	if err := json.Unmarshal([]byte(input), &args); err != nil {
+		t.Error(err)
+	}
+
+	expected := new(CallArgs)
+	expected.GasPrice = big.NewInt(0)
+
+	if bytes.Compare(expected.GasPrice.Bytes(), args.GasPrice.Bytes()) != 0 {
+		t.Errorf("GasPrice shoud be %v but is %v", expected.GasPrice, args.GasPrice)
+	}
+}
+
+func TestCallArgsValueMissing(t *testing.T) {
+	input := `[{
+	"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155",
+  "to": "0xd46e8dd67c5d32be8058bb8eb970870f072445675",
+  "gas": "0x76c0",
+  "gasPrice": "0x9184e72a000",
+  "data": "0xd46e8dd67c5d32be8d46e8dd67c5d32be8058bb8eb970870f072445675058bb8eb970870f072445675"
+	}]`
+
+	args := new(CallArgs)
+	if err := json.Unmarshal([]byte(input), &args); err != nil {
+		t.Error(err)
+	}
+
+	expected := new(CallArgs)
+	expected.Value = big.NewInt(int64(0))
+
+	if bytes.Compare(expected.Value.Bytes(), args.Value.Bytes()) != 0 {
+		t.Errorf("GasPrice shoud be %v but is %v", expected.Value, args.Value)
+	}
+}
+
+func TestCallArgsEmpty(t *testing.T) {
+	input := `[]`
+
+	args := new(CallArgs)
+	str := ExpectInsufficientParamsError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
+	}
+}
+
+func TestCallArgsInvalid(t *testing.T) {
+	input := `{}`
+
+	args := new(CallArgs)
+	str := ExpectDecodeParamError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
+	}
+}
+func TestCallArgsNotStrings(t *testing.T) {
+	input := `[{"from":6}]`
+
+	args := new(CallArgs)
+	str := ExpectDecodeParamError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
+	}
+}
+
+func TestCallArgsFromEmpty(t *testing.T) {
+	input := `[{"to": "0xb60e8dd61c5d32be8058bb8eb970870f07233155"}]`
+
+	args := new(CallArgs)
+	str := ExpectValidationError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
+	}
+}
+
+func TestCallArgsToEmpty(t *testing.T) {
+	input := `[{"from": "0xb60e8dd61c5d32be8058bb8eb970870f07233155"}]`
+
+	args := new(CallArgs)
+	str := ExpectValidationError(json.Unmarshal([]byte(input), &args))
+	if len(str) > 0 {
+		t.Error(str)
 	}
 }

--- a/rpc/http.go
+++ b/rpc/http.go
@ -2,12 +2,15 @@ package rpc

 import (
 	"encoding/json"
+	"fmt"
 	"io"
 	"io/ioutil"
+	"net"
 	"net/http"

 	"github.com/ethereum/go-ethereum/logger"
 	"github.com/ethereum/go-ethereum/xeth"
+	"github.com/rs/cors"
 )

 var rpclogger = logger.NewLogger("RPC")
@ -17,13 +20,36 @@ const (
 	maxSizeReqLength = 1024 * 1024 // 1MB
 )

+func Start(pipe *xeth.XEth, config RpcConfig) error {
+	l, err := net.Listen("tcp", fmt.Sprintf("%s:%d", config.ListenAddress, config.ListenPort))
+	if err != nil {
+		rpclogger.Errorf("Can't listen on %s:%d: %v", config.ListenAddress, config.ListenPort, err)
+		return err
+	}
+
+	var handler http.Handler
+	if len(config.CorsDomain) > 0 {
+		var opts cors.Options
+		opts.AllowedMethods = []string{"POST"}
+		opts.AllowedOrigins = []string{config.CorsDomain}
+
+		c := cors.New(opts)
+		handler = c.Handler(JSONRPC(pipe))
+	} else {
+		handler = JSONRPC(pipe)
+	}
+
+	go http.Serve(l, handler)
+
+	return nil
+}
+
 // JSONRPC returns a handler that implements the Ethereum JSON-RPC API.
 func JSONRPC(pipe *xeth.XEth) http.Handler {
 	api := NewEthereumApi(pipe)

 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		// TODO this needs to be configurable
-		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Content-Type", "application/json")

 		// Limit request size to resist DoS
 		if req.ContentLength > maxSizeReqLength {
--- a/rpc/messages.go
+++ b/rpc/messages.go
@ -19,8 +19,101 @@ package rpc
 import (
 	"encoding/json"
 	"fmt"
+	"math/big"
+	"strings"
+
+	"github.com/ethereum/go-ethereum/common"
 )

+type hexdata struct {
+	data []byte
+}
+
+func (d *hexdata) String() string {
+	return "0x" + common.Bytes2Hex(d.data)
+}
+
+func (d *hexdata) MarshalJSON() ([]byte, error) {
+	return json.Marshal(d.String())
+}
+
+func (d *hexdata) UnmarshalJSON(b []byte) (err error) {
+	d.data = common.FromHex(string(b))
+	return nil
+}
+
+func newHexData(input interface{}) *hexdata {
+	d := new(hexdata)
+
+	switch input := input.(type) {
+	case []byte:
+		d.data = input
+	case common.Hash:
+		d.data = input.Bytes()
+	case *common.Hash:
+		d.data = input.Bytes()
+	case common.Address:
+		d.data = input.Bytes()
+	case *common.Address:
+		d.data = input.Bytes()
+	case *big.Int:
+		d.data = input.Bytes()
+	case int64:
+		d.data = big.NewInt(input).Bytes()
+	case uint64:
+		d.data = big.NewInt(int64(input)).Bytes()
+	case int:
+		d.data = big.NewInt(int64(input)).Bytes()
+	case uint:
+		d.data = big.NewInt(int64(input)).Bytes()
+	case string: // hexstring
+		d.data = common.Big(input).Bytes()
+	default:
+		d.data = nil
+	}
+
+	return d
+}
+
+type hexnum struct {
+	data []byte
+}
+
+func (d *hexnum) String() string {
+	// Get hex string from bytes
+	out := common.Bytes2Hex(d.data)
+	// Trim leading 0s
+	out = strings.Trim(out, "0")
+	// Output "0x0" when value is 0
+	if len(out) == 0 {
+		out = "0"
+	}
+	return "0x" + out
+}
+
+func (d *hexnum) MarshalJSON() ([]byte, error) {
+	return json.Marshal(d.String())
+}
+
+func (d *hexnum) UnmarshalJSON(b []byte) (err error) {
+	d.data = common.FromHex(string(b))
+	return nil
+}
+
+func newHexNum(input interface{}) *hexnum {
+	d := new(hexnum)
+
+	d.data = newHexData(input).data
+
+	return d
+}
+
+type RpcConfig struct {
+	ListenAddress string
+	ListenPort    uint
+	CorsDomain    string
+}
+
 type InvalidTypeError struct {
 	method string
 	msg    string
--- a/rpc/responses.go
+++ b/rpc/responses.go
@ -1,11 +1,6 @@
 package rpc

 import (
-	"encoding/json"
-	// "fmt"
-	"math/big"
-
-	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/core/state"
 	"github.com/ethereum/go-ethereum/core/types"
 )
@ -13,84 +8,25 @@ import (
 type BlockRes struct {
 	fullTx bool

-	BlockNumber     *big.Int          `json:"number"`
-	BlockHash       common.Hash       `json:"hash"`
-	ParentHash      common.Hash       `json:"parentHash"`
-	Nonce           [8]byte           `json:"nonce"`
-	Sha3Uncles      common.Hash       `json:"sha3Uncles"`
-	LogsBloom       types.Bloom       `json:"logsBloom"`
-	TransactionRoot common.Hash       `json:"transactionRoot"`
-	StateRoot       common.Hash       `json:"stateRoot"`
-	Miner           common.Address    `json:"miner"`
-	Difficulty      *big.Int          `json:"difficulty"`
-	TotalDifficulty *big.Int          `json:"totalDifficulty"`
-	Size            *big.Int          `json:"size"`
-	ExtraData       []byte            `json:"extraData"`
-	GasLimit        *big.Int          `json:"gasLimit"`
-	MinGasPrice     int64             `json:"minGasPrice"`
-	GasUsed         *big.Int          `json:"gasUsed"`
-	UnixTimestamp   int64             `json:"timestamp"`
+	BlockNumber     *hexnum           `json:"number"`
+	BlockHash       *hexdata          `json:"hash"`
+	ParentHash      *hexdata          `json:"parentHash"`
+	Nonce           *hexnum           `json:"nonce"`
+	Sha3Uncles      *hexdata          `json:"sha3Uncles"`
+	LogsBloom       *hexdata          `json:"logsBloom"`
+	TransactionRoot *hexdata          `json:"transactionRoot"`
+	StateRoot       *hexdata          `json:"stateRoot"`
+	Miner           *hexdata          `json:"miner"`
+	Difficulty      *hexnum           `json:"difficulty"`
+	TotalDifficulty *hexnum           `json:"totalDifficulty"`
+	Size            *hexnum           `json:"size"`
+	ExtraData       *hexdata          `json:"extraData"`
+	GasLimit        *hexnum           `json:"gasLimit"`
+	MinGasPrice     *hexnum           `json:"minGasPrice"`
+	GasUsed         *hexnum           `json:"gasUsed"`
+	UnixTimestamp   *hexnum           `json:"timestamp"`
 	Transactions    []*TransactionRes `json:"transactions"`
-	Uncles          []common.Hash     `json:"uncles"`
-}
-
-func (b *BlockRes) MarshalJSON() ([]byte, error) {
-	var ext struct {
-		BlockNumber     string        `json:"number"`
-		BlockHash       string        `json:"hash"`
-		ParentHash      string        `json:"parentHash"`
-		Nonce           string        `json:"nonce"`
-		Sha3Uncles      string        `json:"sha3Uncles"`
-		LogsBloom       string        `json:"logsBloom"`
-		TransactionRoot string        `json:"transactionRoot"`
-		StateRoot       string        `json:"stateRoot"`
-		Miner           string        `json:"miner"`
-		Difficulty      string        `json:"difficulty"`
-		TotalDifficulty string        `json:"totalDifficulty"`
-		Size            string        `json:"size"`
-		ExtraData       string        `json:"extraData"`
-		GasLimit        string        `json:"gasLimit"`
-		MinGasPrice     string        `json:"minGasPrice"`
-		GasUsed         string        `json:"gasUsed"`
-		UnixTimestamp   string        `json:"timestamp"`
-		Transactions    []interface{} `json:"transactions"`
-		Uncles          []string      `json:"uncles"`
-	}
-
-	// convert strict types to hexified strings
-	ext.BlockNumber = common.ToHex(b.BlockNumber.Bytes())
-	ext.BlockHash = b.BlockHash.Hex()
-	ext.ParentHash = b.ParentHash.Hex()
-	ext.Nonce = common.ToHex(b.Nonce[:])
-	ext.Sha3Uncles = b.Sha3Uncles.Hex()
-	ext.LogsBloom = common.ToHex(b.LogsBloom[:])
-	ext.TransactionRoot = b.TransactionRoot.Hex()
-	ext.StateRoot = b.StateRoot.Hex()
-	ext.Miner = b.Miner.Hex()
-	ext.Difficulty = common.ToHex(b.Difficulty.Bytes())
-	ext.TotalDifficulty = common.ToHex(b.TotalDifficulty.Bytes())
-	ext.Size = common.ToHex(b.Size.Bytes())
-	ext.ExtraData = common.ToHex(b.ExtraData)
-	ext.GasLimit = common.ToHex(b.GasLimit.Bytes())
-	// ext.MinGasPrice = common.ToHex(big.NewInt(b.MinGasPrice).Bytes())
-	ext.GasUsed = common.ToHex(b.GasUsed.Bytes())
-	ext.UnixTimestamp = common.ToHex(big.NewInt(b.UnixTimestamp).Bytes())
-	ext.Transactions = make([]interface{}, len(b.Transactions))
-	if b.fullTx {
-		for i, tx := range b.Transactions {
-			ext.Transactions[i] = tx
-		}
-	} else {
-		for i, tx := range b.Transactions {
-			ext.Transactions[i] = tx.Hash.Hex()
-		}
-	}
-	ext.Uncles = make([]string, len(b.Uncles))
-	for i, v := range b.Uncles {
-		ext.Uncles[i] = v.Hex()
-	}
-
-	return json.Marshal(ext)
+	Uncles          []*hexdata        `json:"uncles"`
 }

 func NewBlockRes(block *types.Block) *BlockRes {
@ -99,160 +35,118 @@ func NewBlockRes(block *types.Block) *BlockRes {
 	}

 	res := new(BlockRes)
-	res.BlockNumber = block.Number()
-	res.BlockHash = block.Hash()
-	res.ParentHash = block.ParentHash()
-	res.Nonce = block.Header().Nonce
-	res.Sha3Uncles = block.Header().UncleHash
-	res.LogsBloom = block.Bloom()
-	res.TransactionRoot = block.Header().TxHash
-	res.StateRoot = block.Root()
-	res.Miner = block.Header().Coinbase
-	res.Difficulty = block.Difficulty()
-	res.TotalDifficulty = block.Td
-	res.Size = big.NewInt(int64(block.Size()))
-	res.ExtraData = []byte(block.Header().Extra)
-	res.GasLimit = block.GasLimit()
+	res.BlockNumber = newHexNum(block.Number())
+	res.BlockHash = newHexData(block.Hash())
+	res.ParentHash = newHexData(block.ParentHash())
+	res.Nonce = newHexNum(block.Header().Nonce)
+	res.Sha3Uncles = newHexData(block.Header().UncleHash)
+	res.LogsBloom = newHexData(block.Bloom())
+	res.TransactionRoot = newHexData(block.Header().TxHash)
+	res.StateRoot = newHexData(block.Root())
+	res.Miner = newHexData(block.Header().Coinbase)
+	res.Difficulty = newHexNum(block.Difficulty())
+	res.TotalDifficulty = newHexNum(block.Td)
+	res.Size = newHexNum(block.Size())
+	res.ExtraData = newHexData(block.Header().Extra)
+	res.GasLimit = newHexNum(block.GasLimit())
 	// res.MinGasPrice =
-	res.GasUsed = block.GasUsed()
-	res.UnixTimestamp = block.Time()
-	res.Transactions = make([]*TransactionRes, len(block.Transactions()))
-	for i, tx := range block.Transactions() {
-		v := NewTransactionRes(tx)
-		v.BlockHash = block.Hash()
-		v.BlockNumber = block.Number().Int64()
-		v.TxIndex = int64(i)
-		res.Transactions[i] = v
-	}
-	res.Uncles = make([]common.Hash, len(block.Uncles()))
+	res.GasUsed = newHexNum(block.GasUsed())
+	res.UnixTimestamp = newHexNum(block.Time())
+	res.Transactions = NewTransactionsRes(block.Transactions())
+	res.Uncles = make([]*hexdata, len(block.Uncles()))
 	for i, uncle := range block.Uncles() {
-		res.Uncles[i] = uncle.Hash()
+		res.Uncles[i] = newHexData(uncle.Hash())
 	}
 	return res
 }

 type TransactionRes struct {
-	Hash        common.Hash     `json:"hash"`
-	Nonce       uint64          `json:"nonce"`
-	BlockHash   common.Hash     `json:"blockHash,omitempty"`
-	BlockNumber int64           `json:"blockNumber,omitempty"`
-	TxIndex     int64           `json:"transactionIndex,omitempty"`
-	From        common.Address  `json:"from"`
-	To          *common.Address `json:"to"`
-	Value       *big.Int        `json:"value"`
-	Gas         *big.Int        `json:"gas"`
-	GasPrice    *big.Int        `json:"gasPrice"`
-	Input       []byte          `json:"input"`
-}
-
-func (t *TransactionRes) MarshalJSON() ([]byte, error) {
-	var ext struct {
-		Hash        string      `json:"hash"`
-		Nonce       string      `json:"nonce"`
-		BlockHash   string      `json:"blockHash,omitempty"`
-		BlockNumber string      `json:"blockNumber,omitempty"`
-		TxIndex     string      `json:"transactionIndex,omitempty"`
-		From        string      `json:"from"`
-		To          interface{} `json:"to"`
-		Value       string      `json:"value"`
-		Gas         string      `json:"gas"`
-		GasPrice    string      `json:"gasPrice"`
-		Input       string      `json:"input"`
-	}
-
-	ext.Hash = t.Hash.Hex()
-	ext.Nonce = common.ToHex(big.NewInt(int64(t.Nonce)).Bytes())
-	ext.BlockHash = t.BlockHash.Hex()
-	ext.BlockNumber = common.ToHex(big.NewInt(t.BlockNumber).Bytes())
-	ext.TxIndex = common.ToHex(big.NewInt(t.TxIndex).Bytes())
-	ext.From = t.From.Hex()
-	if t.To == nil {
-		ext.To = nil
-	} else {
-		ext.To = t.To.Hex()
-	}
-	ext.Value = common.ToHex(t.Value.Bytes())
-	ext.Gas = common.ToHex(t.Gas.Bytes())
-	ext.GasPrice = common.ToHex(t.GasPrice.Bytes())
-	ext.Input = common.ToHex(t.Input)
-
-	return json.Marshal(ext)
+	Hash        *hexdata `json:"hash"`
+	Nonce       *hexnum  `json:"nonce"`
+	BlockHash   *hexdata `json:"blockHash"`
+	BlockNumber *hexnum  `json:"blockNumber"`
+	TxIndex     *hexnum  `json:"transactionIndex"`
+	From        *hexdata `json:"from"`
+	To          *hexdata `json:"to"`
+	Value       *hexnum  `json:"value"`
+	Gas         *hexnum  `json:"gas"`
+	GasPrice    *hexnum  `json:"gasPrice"`
+	Input       *hexdata `json:"input"`
 }

 func NewTransactionRes(tx *types.Transaction) *TransactionRes {
 	var v = new(TransactionRes)
-	v.Hash = tx.Hash()
-	v.Nonce = tx.Nonce()
-	v.From, _ = tx.From()
-	v.To = tx.To()
-	v.Value = tx.Value()
-	v.Gas = tx.Gas()
-	v.GasPrice = tx.GasPrice()
-	v.Input = tx.Data()
+	v.Hash = newHexData(tx.Hash())
+	v.Nonce = newHexNum(tx.Nonce())
+	// v.BlockHash =
+	// v.BlockNumber =
+	// v.TxIndex =
+	from, _ := tx.From()
+	v.From = newHexData(from)
+	v.To = newHexData(tx.To())
+	v.Value = newHexNum(tx.Value())
+	v.Gas = newHexNum(tx.Gas())
+	v.GasPrice = newHexNum(tx.GasPrice())
+	v.Input = newHexData(tx.Data())
 	return v
 }

-type FilterLogRes struct {
-	Hash             string `json:"hash"`
-	Address          string `json:"address"`
-	Data             string `json:"data"`
-	BlockNumber      string `json:"blockNumber"`
-	TransactionHash  string `json:"transactionHash"`
-	BlockHash        string `json:"blockHash"`
-	TransactionIndex string `json:"transactionIndex"`
-	LogIndex         string `json:"logIndex"`
+func NewTransactionsRes(txs []*types.Transaction) []*TransactionRes {
+	v := make([]*TransactionRes, len(txs))
+	for i, tx := range txs {
+		v[i] = NewTransactionRes(tx)
+	}
+	return v
 }

-type FilterWhisperRes struct {
-	Hash       string `json:"hash"`
-	From       string `json:"from"`
-	To         string `json:"to"`
-	Expiry     string `json:"expiry"`
-	Sent       string `json:"sent"`
-	Ttl        string `json:"ttl"`
-	Topics     string `json:"topics"`
-	Payload    string `json:"payload"`
-	WorkProved string `json:"workProved"`
-}
+// type FilterLogRes struct {
+// 	Hash             string `json:"hash"`
+// 	Address          string `json:"address"`
+// 	Data             string `json:"data"`
+// 	BlockNumber      string `json:"blockNumber"`
+// 	TransactionHash  string `json:"transactionHash"`
+// 	BlockHash        string `json:"blockHash"`
+// 	TransactionIndex string `json:"transactionIndex"`
+// 	LogIndex         string `json:"logIndex"`
+// }
+
+// type FilterWhisperRes struct {
+// 	Hash       string `json:"hash"`
+// 	From       string `json:"from"`
+// 	To         string `json:"to"`
+// 	Expiry     string `json:"expiry"`
+// 	Sent       string `json:"sent"`
+// 	Ttl        string `json:"ttl"`
+// 	Topics     string `json:"topics"`
+// 	Payload    string `json:"payload"`
+// 	WorkProved string `json:"workProved"`
+// }

 type LogRes struct {
-	Address common.Address `json:"address"`
-	Topics  []common.Hash  `json:"topics"`
-	Data    []byte         `json:"data"`
-	Number  uint64         `json:"number"`
+	Address          *hexdata   `json:"address"`
+	Topics           []*hexdata `json:"topics"`
+	Data             *hexdata   `json:"data"`
+	BlockNumber      *hexnum    `json:"blockNumber"`
+	Hash             *hexdata   `json:"hash"`
+	LogIndex         *hexnum    `json:"logIndex"`
+	BlockHash        *hexdata   `json:"blockHash"`
+	TransactionHash  *hexdata   `json:"transactionHash"`
+	TransactionIndex *hexnum    `json:"transactionIndex"`
 }

 func NewLogRes(log state.Log) LogRes {
 	var l LogRes
-	l.Topics = make([]common.Hash, len(log.Topics()))
-	l.Address = log.Address()
-	l.Data = log.Data()
-	l.Number = log.Number()
+	l.Topics = make([]*hexdata, len(log.Topics()))
 	for j, topic := range log.Topics() {
-		l.Topics[j] = topic
+		l.Topics[j] = newHexData(topic)
 	}
+	l.Address = newHexData(log.Address())
+	l.Data = newHexData(log.Data())
+	l.BlockNumber = newHexNum(log.Number())
+
 	return l
 }

-func (l *LogRes) MarshalJSON() ([]byte, error) {
-	var ext struct {
-		Address string   `json:"address"`
-		Topics  []string `json:"topics"`
-		Data    string   `json:"data"`
-		Number  string   `json:"number"`
-	}
-
-	ext.Address = l.Address.Hex()
-	ext.Data = common.ToHex(l.Data)
-	ext.Number = common.ToHex(big.NewInt(int64(l.Number)).Bytes())
-	ext.Topics = make([]string, len(l.Topics))
-	for i, v := range l.Topics {
-		ext.Topics[i] = v.Hex()
-	}
-
-	return json.Marshal(ext)
-}
-
 func NewLogsRes(logs state.Logs) (ls []LogRes) {
 	ls = make([]LogRes, len(logs))

--- a/rpc/responses_test.go
+++ b/rpc/responses_test.go
@ -2,7 +2,9 @@ package rpc

 import (
 	"encoding/json"
+	"fmt"
 	"math/big"
+	"regexp"
 	"testing"

 	"github.com/ethereum/go-ethereum/common"
@ -10,6 +12,15 @@ import (
 	"github.com/ethereum/go-ethereum/core/types"
 )

+const (
+	reHash       = `"0x[0-9a-f]{64}"`               // 32 bytes
+	reHashOpt    = `"(0x[0-9a-f]{64})"|null`        // 32 bytes or null
+	reAddress    = `"0x[0-9a-f]{40}"`               // 20 bytes
+	reAddressOpt = `"0x[0-9a-f]{40}"|null`          // 20 bytes or null
+	reNum        = `"0x([1-9a-f][0-9a-f]{1,15})|0"` // must not have left-padded zeros
+	reData       = `"0x[0-9a-f]*"`                  // can be "empty"
+)
+
 func TestNewBlockRes(t *testing.T) {
 	parentHash := common.HexToHash("0x01")
 	coinbase := common.HexToAddress("0x01")
@ -18,56 +29,35 @@ func TestNewBlockRes(t *testing.T) {
 	nonce := uint64(1)
 	extra := ""
 	block := types.NewBlock(parentHash, coinbase, root, difficulty, nonce, extra)
-
-	_ = NewBlockRes(block)
-}
-
-func TestBlockRes(t *testing.T) {
-	v := &BlockRes{
-		BlockNumber:     big.NewInt(0),
-		BlockHash:       common.HexToHash("0x0"),
-		ParentHash:      common.HexToHash("0x0"),
-		Nonce:           [8]byte{0, 0, 0, 0, 0, 0, 0, 0},
-		Sha3Uncles:      common.HexToHash("0x0"),
-		LogsBloom:       types.BytesToBloom([]byte{0}),
-		TransactionRoot: common.HexToHash("0x0"),
-		StateRoot:       common.HexToHash("0x0"),
-		Miner:           common.HexToAddress("0x0"),
-		Difficulty:      big.NewInt(0),
-		TotalDifficulty: big.NewInt(0),
-		Size:            big.NewInt(0),
-		ExtraData:       []byte{},
-		GasLimit:        big.NewInt(0),
-		MinGasPrice:     int64(0),
-		GasUsed:         big.NewInt(0),
-		UnixTimestamp:   int64(0),
-		// Transactions    []*TransactionRes `json:"transactions"`
-		// Uncles          []common.Hash     `json:"uncles"`
+	tests := map[string]string{
+		"number":          reNum,
+		"hash":            reHash,
+		"parentHash":      reHash,
+		"nonce":           reNum,
+		"sha3Uncles":      reHash,
+		"logsBloom":       reData,
+		"transactionRoot": reHash,
+		"stateRoot":       reHash,
+		"miner":           reAddress,
+		"difficulty":      `"0x1"`,
+		"totalDifficulty": reNum,
+		"size":            reNum,
+		"extraData":       reData,
+		"gasLimit":        reNum,
+		// "minGasPrice":  "0x",
+		"gasUsed":   reNum,
+		"timestamp": reNum,
 	}

-	_, _ = json.Marshal(v)
+	v := NewBlockRes(block)
+	j, _ := json.Marshal(v)

-	// fmt.Println(string(j))
-
-}
-
-func TestTransactionRes(t *testing.T) {
-	a := common.HexToAddress("0x0")
-	v := &TransactionRes{
-		Hash:        common.HexToHash("0x0"),
-		Nonce:       uint64(0),
-		BlockHash:   common.HexToHash("0x0"),
-		BlockNumber: int64(0),
-		TxIndex:     int64(0),
-		From:        common.HexToAddress("0x0"),
-		To:          &a,
-		Value:       big.NewInt(0),
-		Gas:         big.NewInt(0),
-		GasPrice:    big.NewInt(0),
-		Input:       []byte{0},
+	for k, re := range tests {
+		match, _ := regexp.MatchString(fmt.Sprintf(`{.*"%s":%s.*}`, k, re), string(j))
+		if !match {
+			t.Error(fmt.Sprintf("%s output json does not match format %s. Got %s", k, re, j))
+		}
 	}
-
-	_, _ = json.Marshal(v)
 }

 func TestNewTransactionRes(t *testing.T) {
@ -78,26 +68,80 @@ func TestNewTransactionRes(t *testing.T) {
 	data := []byte{1, 2, 3}
 	tx := types.NewTransactionMessage(to, amount, gasAmount, gasPrice, data)

-	_ = NewTransactionRes(tx)
-}
-
-func TestLogRes(t *testing.T) {
-	topics := make([]common.Hash, 3)
-	topics = append(topics, common.HexToHash("0x00"))
-	topics = append(topics, common.HexToHash("0x10"))
-	topics = append(topics, common.HexToHash("0x20"))
-
-	v := &LogRes{
-		Topics:  topics,
-		Address: common.HexToAddress("0x0"),
-		Data:    []byte{1, 2, 3},
-		Number:  uint64(5),
+	tests := map[string]string{
+		"hash":             reHash,
+		"nonce":            reNum,
+		"blockHash":        reHash,
+		"blockNum":         reNum,
+		"transactionIndex": reNum,
+		"from":             reAddress,
+		"to":               reAddressOpt,
+		"value":            reNum,
+		"gas":              reNum,
+		"gasPrice":         reNum,
+		"input":            reData,
+	}
+
+	v := NewTransactionRes(tx)
+	v.BlockHash = newHexData(common.HexToHash("0x030201"))
+	v.BlockNumber = newHexNum(5)
+	v.TxIndex = newHexNum(0)
+	j, _ := json.Marshal(v)
+	for k, re := range tests {
+		match, _ := regexp.MatchString(fmt.Sprintf(`{.*"%s":%s.*}`, k, re), string(j))
+		if !match {
+			t.Error(fmt.Sprintf("`%s` output json does not match format %s. Source %s", k, re, j))
+		}
 	}

-	_, _ = json.Marshal(v)
 }

-func MakeStateLog(num int) state.Log {
+func TestNewLogRes(t *testing.T) {
+	log := makeStateLog(0)
+	tests := map[string]string{
+		"address": reAddress,
+		// "topics": "[.*]"
+		"data":        reData,
+		"blockNumber": reNum,
+		// "hash":             reHash,
+		// "logIndex":         reNum,
+		// "blockHash":        reHash,
+		// "transactionHash":  reHash,
+		"transactionIndex": reNum,
+	}
+
+	v := NewLogRes(log)
+	j, _ := json.Marshal(v)
+
+	for k, re := range tests {
+		match, _ := regexp.MatchString(fmt.Sprintf(`{.*"%s":%s.*}`, k, re), string(j))
+		if !match {
+			t.Error(fmt.Sprintf("`%s` output json does not match format %s. Got %s", k, re, j))
+		}
+	}
+
+}
+
+func TestNewLogsRes(t *testing.T) {
+	logs := make([]state.Log, 3)
+	logs[0] = makeStateLog(1)
+	logs[1] = makeStateLog(2)
+	logs[2] = makeStateLog(3)
+	tests := map[string]string{}
+
+	v := NewLogsRes(logs)
+	j, _ := json.Marshal(v)
+
+	for k, re := range tests {
+		match, _ := regexp.MatchString(fmt.Sprintf(`[{.*"%s":%s.*}]`, k, re), string(j))
+		if !match {
+			t.Error(fmt.Sprintf("%s output json does not match format %s. Got %s", k, re, j))
+		}
+	}
+
+}
+
+func makeStateLog(num int) state.Log {
 	address := common.HexToAddress("0x0")
 	data := []byte{1, 2, 3}
 	number := uint64(num)
@ -108,16 +152,3 @@ func MakeStateLog(num int) state.Log {
 	log := state.NewLog(address, topics, data, number)
 	return log
 }
-
-func TestNewLogRes(t *testing.T) {
-	log := MakeStateLog(0)
-	_ = NewLogRes(log)
-}
-
-func TestNewLogsRes(t *testing.T) {
-	logs := make([]state.Log, 3)
-	logs[0] = MakeStateLog(1)
-	logs[1] = MakeStateLog(2)
-	logs[2] = MakeStateLog(3)
-	_ = NewLogsRes(logs)
-}
--- a/xeth/xeth.go
+++ b/xeth/xeth.go
@ -19,6 +19,7 @@ import (
 	"github.com/ethereum/go-ethereum/event/filter"
 	"github.com/ethereum/go-ethereum/logger"
 	"github.com/ethereum/go-ethereum/miner"
+	"github.com/ethereum/go-ethereum/rlp"
 )

 var (
@ -185,12 +186,29 @@ func (self *XEth) EthBlockByHash(strHash string) *types.Block {
 	return block
 }

-func (self *XEth) EthTransactionByHash(hash string) *types.Transaction {
+func (self *XEth) EthTransactionByHash(hash string) (tx *types.Transaction, blhash common.Hash, blnum *big.Int, txi uint64) {
 	data, _ := self.backend.ExtraDb().Get(common.FromHex(hash))
 	if len(data) != 0 {
-		return types.NewTransactionFromBytes(data)
+		tx = types.NewTransactionFromBytes(data)
 	}
-	return nil
+
+	// meta
+	var txExtra struct {
+		BlockHash  common.Hash
+		BlockIndex int64
+		Index      uint64
+	}
+
+	v, _ := self.backend.ExtraDb().Get(append(common.FromHex(hash), 0x0001))
+	r := bytes.NewReader(v)
+	err := rlp.Decode(r, &txExtra)
+	if err == nil {
+		blhash = txExtra.BlockHash
+		blnum = big.NewInt(txExtra.BlockIndex)
+		txi = txExtra.Index
+	}
+
+	return
 }

 func (self *XEth) BlockByNumber(num int64) *Block {