-
Notifications
You must be signed in to change notification settings - Fork 746
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug v1.16.0-rc1 (stable2409) RPC call is unsafe to be called externally #5677
Labels
I2-bug
The node fails to follow expected behavior.
I10-unconfirmed
Issue might be valid, but it's not yet known.
Comments
BulatSaif
added
I2-bug
The node fails to follow expected behavior.
I10-unconfirmed
Issue might be valid, but it's not yet known.
labels
Sep 11, 2024
Maybe this one #4792 ? @niklasad1 do you know if this here is desired behaviour or not? |
It wasn't intended to break this, lemme check Thanks Bulat, I have opened a PR to fix this |
niklasad1
added a commit
that referenced
this issue
Sep 11, 2024
github-merge-queue bot
pushed a commit
that referenced
this issue
Sep 11, 2024
Close #5677 I made a nit when I moved this code: https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385 in #4792 Thus: - (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe - (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe --------- Co-authored-by: ggwpez <ggwpez@users.noreply.github.com>
niklasad1
added a commit
that referenced
this issue
Sep 12, 2024
Close #5677 I made a nit when I moved this code: https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385 in #4792 Thus: - (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe - (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe --------- Co-authored-by: ggwpez <ggwpez@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
I2-bug
The node fails to follow expected behavior.
I10-unconfirmed
Issue might be valid, but it's not yet known.
Is there an existing issue?
Experiencing problems? Have you tried our Stack Exchange first?
Description of bug
Before
polkadot:v1.16.0
, unsafe RPC methods were exposed by default if the RPC was open tolocalhost
. This behavior has changed (accidentally?), but the help documentation has not been updated.Example:
Workaround:
set
rpc-methods
manually .Steps to reproduce
On host:
docker run -it --rm -p 9944:9944 parity/polkadot:v1.16.0-rc1 --chain rococo-local docker exec -it -u 0 CONTAINER_ID bash
Inside the container, run any unsafe rpc (you can install curl or use the bash script below):
It is important to run curl inside of the container, to have same network.
Expected behavior:
The text was updated successfully, but these errors were encountered: