github/reth
1
1
Fork 0
mirror of https://github.com/paradigmxyz/reth.git synced 2026-02-19 03:04:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix(rpc): trim spaces in CORS domain parsing (#22192)

Browse Source 
Co-authored-by: DaniPopes <57450786+DaniPopes@users.noreply.github.com>
This commit is contained in:
drhgencer
2026-02-16 12:21:34 +05:30
committed by GitHub
parent 314a92e93c
commit 997af404a5
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
crates/rpc/rpc-builder/src/cors.rs
View File

@@ -27,7 +27,7 @@ pub(crate) fn create_cors_layer(http_cors_domains: &str) -> Result<CorsLayer, Co
.allow_origin(Any)
.allow_headers(Any),
_ => {
let iter = http_cors_domains.split(',');
let iter = http_cors_domains.split(',').map(str::trim);
if iter.clone().any(|o| o == "*") {
return Err(CorsDomainError::WildCardNotAllowed {
input: http_cors_domains.to_string(),
@@ -51,3 +51,15 @@ pub(crate) fn create_cors_layer(http_cors_domains: &str) -> Result<CorsLayer, Co
};
Ok(cors)
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_wildcard_with_spaces_rejected() {
// Wildcard with leading space should still be rejected
let result = create_cors_layer("http://example.com, *");
assert!(matches!(result, Err(CorsDomainError::WildCardNotAllowed { .. })));
}
}