rpc server: fix deny unsafe on RpcMethods::Auto (#5678)

Close #5677 I made a nit when I moved this code: https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385 in #4792 Thus: - (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe - (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe --------- Co-authored-by: ggwpez <ggwpez@users.noreply.github.com>
paritytech · Sep 11, 2024 · 4e7c9e7 · 4e7c9e7
1 parent 0f7acb5
commit 4e7c9e7
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/prdoc/pr_5678.prdoc b/prdoc/pr_5678.prdoc
@@ -0,0 +1,14 @@
+title: 'rpc server: fix deny unsafe on RpcMethods::Auto'
+doc:
+- audience: Node User
+  description: |-
+    Close #5677
+
+    I made a nit when I moved this code: https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385 in https://github.com/paritytech/polkadot-sdk/pull/4792
+
+    Thus:
+     - (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe
+     - (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe
+crates:
+- name: sc-rpc-server
+  bump: patch
diff --git a/substrate/client/rpc-servers/src/utils.rs b/substrate/client/rpc-servers/src/utils.rs
@@ -284,7 +284,7 @@ pub(crate) fn get_proxy_ip<B>(req: &http::Request<B>) -> Option<IpAddr> {
 /// Get the `deny_unsafe` setting based on the address and the RPC methods exposed by the interface.
 pub fn deny_unsafe(addr: &SocketAddr, methods: &RpcMethods) -> DenyUnsafe {
 	match (addr.ip().is_loopback(), methods) {
-		| (_, RpcMethods::Unsafe) | (false, RpcMethods::Auto) => DenyUnsafe::No,
+		(_, RpcMethods::Unsafe) | (true, RpcMethods::Auto) => DenyUnsafe::No,
 		_ => DenyUnsafe::Yes,
 	}
 }