The listen interface for the owner API is currently hardcoded to 127.0.0.1. We'd previously resisted allowing this to be opened up (by, say changing the interface to 0.0.0.0), as a security measure to ensure clients to the owner interface are limited to being on the same machine.
This is probably far too limiting, and in particular makes docker deployments difficult as there's no way to access the wallet APIs at all from outside the deployed container, (which is necessarily set up to run the owner API as a service and nothing else).
This PR adds owner_api_listen_interface as a configuration field, but doesn't output the field into the configuration file by default, i.e. a user will really need to know what they're doing in order to enable this field. This should provide a good compromise.
Note this is for the experimental contracts branch only, but some discussion merited as to whether to merge into master just yet.
127.0.0.1. We'd previously resisted allowing this to be opened up (by, say changing the interface to0.0.0.0), as a security measure to ensure clients to the owner interface are limited to being on the same machine.This is probably far too limiting, and in particular makes docker deployments difficult as there's no way to access the wallet APIs at all from outside the deployed container, (which is necessarily set up to run the owner API as a service and nothing else).
This PR adds
owner_api_listen_interfaceas a configuration field, but doesn't output the field into the configuration file by default, i.e. a user will really need to know what they're doing in order to enable this field. This should provide a good compromise.Note this is for the experimental contracts branch only, but some discussion merited as to whether to merge into master just yet.