fix(rpc): re-enable default RPC security checks

oxarbitrage · Feb 21, 2022 · cd6ccdf · cd6ccdf
1 parent 423f9b0
commit cd6ccdf
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/zebrad/src/components/rpc.rs b/zebrad/src/components/rpc.rs
@@ -28,8 +28,8 @@ impl RpcServer {
                 // TODO: use the same tokio executor as the rest of Zebra
                 //.event_loop_executor(tokio::runtime::Handle::current())
                 .threads(1)
-                // TODO: if we enable this security check, does lightwalletd still work?
-                .allowed_hosts(DomainsValidation::Disabled)
+                // TODO: disable this security check if we see errors from lightwalletd.
+                //.allowed_hosts(DomainsValidation::Disabled)
                 .request_middleware(FixHttpRequestMiddleware)
                 .start_http(&config.listen_addr)
                 .expect("Unable to start RPC server");
@@ -88,8 +88,8 @@ impl RequestMiddleware for FixHttpRequestMiddleware {
         });
 
         jsonrpc_http_server::RequestMiddlewareAction::Proceed {
-            // TODO: if we enable this security check, does lightwalletd still work?
-            should_continue_on_invalid_cors: true,
+            // TODO: disable this security check if we see errors from lightwalletd.
+            should_continue_on_invalid_cors: false,
             request,
         }
     }