if binding to 0.0.0.0, don't validate source ip in client api

2021-01-22 21:14:34 +00:00 · 2021-01-22 21:14:34 +00:00 · 45b691a06a
commit 45b691a06a
parent b1441e8c10
2 changed files with 5 additions and 4 deletions
--- a/src/httpapi/security/client.py
+++ b/src/httpapi/security/client.py
@ -54,9 +54,10 @@ class ClientAPISecurity:
            """Validate request has set password & is the correct hostname."""
            # For the purpose of preventing DNS rebinding attacks
            localhost = True
-            if request.host != '%s:%s' % \
-                    (client_api.host, client_api.bindPort):
-                localhost = False
+            if client_api.host != '0.0.0.0':
+                if request.host != '%s:%s' % \
+                        (client_api.host, client_api.bindPort):
+                    localhost = False

            if not localhost and public_remote_enabled:
                if request.host not in public_remote_hostnames:
--- a/src/netcontroller/torcontrol/init.py
+++ b/src/netcontroller/torcontrol/init.py
@ -91,7 +91,7 @@ class NetController:
                    if '100' not in line.decode():
                        logger.info(line.decode().strip(), terminal=True)
                if 'bootstrapped 100' in line.decode().lower():
-                    logger.info(line.decode())
+                    logger.info(line.decode(), terminal=True)
                    break
                elif 'opening socks listener' in line.decode().lower():
                    logger.debug(line.decode().replace('\n', ''))