diff options
author | Martin Holst Swende <martin@swende.se> | 2018-09-25 21:54:58 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-25 21:54:58 +0800 |
commit | d3441ebb563439bac0837d70591f92e2c6080303 (patch) | |
tree | cec46689f8ec4fd4570322e79ad7167c3b792c74 /rpc | |
parent | a95a601f35c49be6045de522138f639fbb68c885 (diff) | |
download | dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.gz dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.bz2 dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.lz dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.xz dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.zst dexon-d3441ebb563439bac0837d70591f92e2c6080303.zip |
cmd/clef, signer: security fixes (#17554)
* signer: remove local path disclosure from extapi
* signer: show more data in cli ui
* rpc: make http server forward UA and Origin via Context
* signer, clef/core: ui changes + display UA and Origin
* signer: cliui - indicate less trust in remote headers, see https://github.com/ethereum/go-ethereum/issues/17637
* signer: prevent possibility swap KV-entries in aes_gcm storage, fixes #17635
* signer: remove ecrecover from external API
* signer,clef: default reject instead of warn + valideate new passwords. fixes #17632 and #17631
* signer: check calldata length even if no ABI signature is present
* signer: fix failing testcase
* clef: remove account import from external api
* signer: allow space in passwords, improve error messsage
* signer/storage: fix typos
Diffstat (limited to 'rpc')
-rw-r--r-- | rpc/http.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/rpc/http.go b/rpc/http.go index 9e4f2b261..af79858e2 100644 --- a/rpc/http.go +++ b/rpc/http.go @@ -238,6 +238,12 @@ func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { ctx = context.WithValue(ctx, "remote", r.RemoteAddr) ctx = context.WithValue(ctx, "scheme", r.Proto) ctx = context.WithValue(ctx, "local", r.Host) + if ua := r.Header.Get("User-Agent"); ua != "" { + ctx = context.WithValue(ctx, "User-Agent", ua) + } + if origin := r.Header.Get("Origin"); origin != "" { + ctx = context.WithValue(ctx, "Origin", origin) + } body := io.LimitReader(r.Body, maxRequestContentLength) codec := NewJSONCodec(&httpReadWriteNopCloser{body, w}) |