From 6ea1f6f78cfb324f7768f6573975109d4db074c2 Mon Sep 17 00:00:00 2001
From: Jack <jack@lbry.io>
Date: Wed, 14 Sep 2016 17:39:04 -0400
Subject: [PATCH] block api calls from bad origins

---
 lbrynet/lbrynet_daemon/LBRYDaemon.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lbrynet/lbrynet_daemon/LBRYDaemon.py b/lbrynet/lbrynet_daemon/LBRYDaemon.py
index d13dc1d4b..824e11bd3 100644
--- a/lbrynet/lbrynet_daemon/LBRYDaemon.py
+++ b/lbrynet/lbrynet_daemon/LBRYDaemon.py
@@ -394,6 +394,11 @@ class LBRYDaemon(jsonrpc.JSONRPC):
         log.debug(err.getTraceback())
 
     def render(self, request):
+        origin = request.getHeader("Origin")
+        if origin not in [None, 'http://localhost:5279']:
+            log.warning("Attempted api call from %s", origin)
+            return server.failure
+
         request.content.seek(0, 0)
         # Unmarshal the JSON-RPC data.
         content = request.content.read()