From 814cd3d76ff6e4d26971b8162acd75afa39dd45e Mon Sep 17 00:00:00 2001
From: Niklas Adolfsson <niklasadolfsson1@gmail.com>
Date: Wed, 11 Sep 2024 18:35:21 +0200
Subject: [PATCH] rpc server: fix deny unsafe on RpcMethods::Auto (#5678)

Close #5677

I made a nit when I moved this code:
https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385
in https://github.com/paritytech/polkadot-sdk/pull/4792

Thus:
 - (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe
 - (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe

---------

Co-authored-by: ggwpez <ggwpez@users.noreply.github.com>
---
 prdoc/pr_5678.prdoc                       | 14 ++++++++++++++
 substrate/client/rpc-servers/src/utils.rs |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 prdoc/pr_5678.prdoc

diff --git a/prdoc/pr_5678.prdoc b/prdoc/pr_5678.prdoc
new file mode 100644
index 0000000000000..af1fac31c5609
--- /dev/null
+++ b/prdoc/pr_5678.prdoc
@@ -0,0 +1,14 @@
+title: 'rpc server: fix deny unsafe on RpcMethods::Auto'
+doc:
+- audience: Node User
+  description: |-
+    Close #5677
+
+    I made a nit when I moved this code: https://github.com/paritytech/polkadot-sdk/blob/v1.14.0-rc1/substrate/client/service/src/lib.rs#L379-#L385 in https://github.com/paritytech/polkadot-sdk/pull/4792
+
+    Thus:
+     - (ip.is_loopback(), RpcMethods::Auto) -> allow unsafe
+     - (!ip.is_loopback(), RpcMethods::Auto) -> deny unsafe
+crates:
+- name: sc-rpc-server
+  bump: patch
diff --git a/substrate/client/rpc-servers/src/utils.rs b/substrate/client/rpc-servers/src/utils.rs
index 5b4a4bf22b950..d9b2db7af1335 100644
--- a/substrate/client/rpc-servers/src/utils.rs
+++ b/substrate/client/rpc-servers/src/utils.rs
@@ -284,7 +284,7 @@ pub(crate) fn get_proxy_ip<B>(req: &http::Request<B>) -> Option<IpAddr> {
 /// Get the `deny_unsafe` setting based on the address and the RPC methods exposed by the interface.
 pub fn deny_unsafe(addr: &SocketAddr, methods: &RpcMethods) -> DenyUnsafe {
 	match (addr.ip().is_loopback(), methods) {
-		| (_, RpcMethods::Unsafe) | (false, RpcMethods::Auto) => DenyUnsafe::No,
+		(_, RpcMethods::Unsafe) | (true, RpcMethods::Auto) => DenyUnsafe::No,
 		_ => DenyUnsafe::Yes,
 	}
 }