Closed chescos closed 6 years ago
Also related #1677 for the wallet.
As I stated in https://github.com/monero-project/monero/issues/1677 the danger is if the user does not provide a daemon password, the attack on the local daemon becomes easier. JavaScript can issue a post without the user ever interacting with the page. Perhaps requiring a password for the mode, and a strict whitelisting of domains ... ?
Also, its difficult for me to imagine a good use case other than running loading a HTML document from the local hard drive. What is your use case @chescos ?
@vtnerd I am a web developer and I would love to build a completely client-sided Monero explorer that can easily be used by non-technical users. This could be useful to users who run their own node and want to monitor and use it as their own block explorer. I would for example use it to monitor the Monero node that is running on my Rasperry Pi.
Of course I could also write such an application in PHP or NodeJS but that would make the setup more complicated for non-technical users. With pure client side JS, all that would be needed is to download a standalone .html file and open it with a browser. The user could then just enter his node credentials through a form and he's ready to go.
@chescos your idea is very cool ,maybe youcan post the idea to reddit and raise ffs
Working on this and #1677 at the moment. Should have something up today or early tomorrow. Just posting here so there's no duplication of effort if anyone else is looking for an issue. I have it set locally so the access control allow origin list is a whitelist passed as an rfc command and requires the rpc-login command or it throws an error.
+resolved
Awesome! Thank you @Timo614
Could the
Access-Control-Allow-Origin
header be added to the daemon RPC? Would be awesome to be able to connect to the daemon through JavaScript from a web browser.