Merge pull request #167 from lbryio/block-api-requests-by-referer
block api requests by referer
This commit is contained in:
commit
b3a16f95f7
1 changed files with 6 additions and 0 deletions
|
@ -402,10 +402,16 @@ class LBRYDaemon(jsonrpc.JSONRPC):
|
|||
|
||||
def render(self, request):
|
||||
origin = request.getHeader("Origin")
|
||||
referer = request.getHeader("Referer")
|
||||
|
||||
if origin not in [None, 'http://localhost:5279']:
|
||||
log.warning("Attempted api call from %s", origin)
|
||||
return server.failure
|
||||
|
||||
if referer not in [None, 'http://localhost:5279/']:
|
||||
log.warning("Attempted api call from %s", referer)
|
||||
return server.failure
|
||||
|
||||
request.content.seek(0, 0)
|
||||
# Unmarshal the JSON-RPC data.
|
||||
content = request.content.read()
|
||||
|
|
Loading…
Reference in a new issue