Skip to content

Commit 767d457

Browse files
onbjergonbjerg
authored
chore: more explicit cors policy (#133)
Be explicit about origins, HTTP methods and HTTP headers in CORS policy
1 parent eab7a39 commit 767d457

File tree

4 files changed

+17
-9
lines changed

4 files changed

+17
-9
lines changed

Cargo.lock

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -221,9 +221,10 @@ metrics = "0.23.0"
221221
metrics-derive = "0.1.0"
222222

223223
# rpc
224+
jsonrpsee = "0.24"
225+
hyper = "1.5"
224226
tower = "0.4"
225227
tower-http = { version = "0.6", features = ["cors"] }
226-
jsonrpsee = "0.24"
227228

228229
# misc
229230
clap = "4"

bin/relay/Cargo.toml

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -11,20 +11,21 @@ description = "Odyssey Relay is an EIP-7702 native transaction batcher and spons
1111
workspace = true
1212

1313
[dependencies]
14-
alloy-signer-local.workspace = true
1514
alloy-primitives.workspace = true
1615
alloy-provider.workspace = true
1716
alloy-rpc-client.workspace = true
18-
odyssey-wallet.workspace = true
17+
alloy-signer-local.workspace = true
18+
clap = { workspace = true, features = ["derive", "env"] }
1919
eyre.workspace = true
20+
hyper.workspace = true
2021
jsonrpsee = { workspace = true, features = ["server"] }
21-
tracing.workspace = true
22+
odyssey-wallet.workspace = true
2223
reth-tracing.workspace = true
23-
clap = { workspace = true, features = ["derive", "env"] }
24-
url.workspace = true
2524
tokio = { workspace = true, features = ["rt", "macros"] }
26-
tower.workspace = true
2725
tower-http.workspace = true
26+
tower.workspace = true
27+
tracing.workspace = true
28+
url.workspace = true
2829

2930
[features]
3031
default = []

bin/relay/src/main.rs

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,12 +7,13 @@ use alloy_rpc_client::RpcClient;
77
use alloy_signer_local::PrivateKeySigner;
88
use clap::Parser;
99
use eyre::Context;
10+
use hyper::Method;
1011
use jsonrpsee::server::Server;
1112
use odyssey_wallet::{AlloyUpstream, OdysseyWallet, OdysseyWalletApiServer};
1213
use reth_tracing::Tracer;
1314
use std::net::{IpAddr, Ipv4Addr};
1415
use tower::ServiceBuilder;
15-
use tower_http::cors::CorsLayer;
16+
use tower_http::cors::{Any, CorsLayer};
1617
use tracing::info;
1718
use url::Url;
1819

@@ -54,9 +55,13 @@ impl Args {
5455
let rpc = OdysseyWallet::new(AlloyUpstream::new(provider), chain_id).into_rpc();
5556

5657
// start server
58+
let cors = CorsLayer::new()
59+
.allow_methods([Method::POST])
60+
.allow_origin(Any)
61+
.allow_headers([hyper::header::CONTENT_TYPE]);
5762
let server = Server::builder()
5863
.http_only()
59-
.set_http_middleware(ServiceBuilder::new().layer(CorsLayer::permissive()))
64+
.set_http_middleware(ServiceBuilder::new().layer(cors))
6065
.build((self.address, self.port))
6166
.await?;
6267
info!(addr = ?server.local_addr().unwrap(), "Started relay service");

0 commit comments

Comments
 (0)