monero-project / monero

Monero: the secure, private, untraceable cryptocurrency
https://getmonero.org

Add Access-Control-Allow-Origin header to Daemon RPC #2408

Closed chescos closed 6 years ago

chescos commented 7 years ago

Could the Access-Control-Allow-Origin header be added to the daemon RPC? Would be awesome to be able to connect to the daemon through JavaScript from a web browser.

danrmiller commented 7 years ago

Also related #1677 for the wallet.

vtnerd commented 7 years ago

As I stated in https://github.com/monero-project/monero/issues/1677 the danger is if the user does not provide a daemon password, the attack on the local daemon becomes easier. JavaScript can issue a post without the user ever interacting with the page. Perhaps requiring a password for the mode, and a strict whitelisting of domains ... ?

Also, it's difficult for me to imagine a good use case other than loading an HTML document from the local hard drive. What is your use case @chescos ?

chescos commented 7 years ago

@vtnerd I am a web developer and I would love to build a completely client-sided Monero explorer that can easily be used by non-technical users. This could be useful to users who run their own node and want to monitor and use it as their own block explorer. I would for example use it to monitor the Monero node that is running on my Raspberry Pi.

Of course I could also write such an application in PHP or NodeJS but that would make the setup more complicated for non-technical users. With pure client side JS, all that would be needed is to download a standalone .html file and open it with a browser. The user could then just enter his node credentials through a form and he's ready to go.

joijuke commented 7 years ago

@chescos your idea is very cool, maybe you can post the idea to reddit and raise ffs

Timo614 commented 6 years ago

Working on this and #1677 at the moment. Should have something up today or early tomorrow. Just posting here so there's no duplication of effort if anyone else is looking for an issue. I have it set locally so the access control allow origin list is a whitelist passed as an rfc command and requires the rpc-login command or it throws an error.
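
The policy described in the comment above (an origin allowlist that is refused unless an RPC login is configured), as an added sketch that is not part of this thread or of the Monero code base. The names `CorsPolicy`, `make_cors_policy` and `allow_origin_header` are hypothetical, and rejecting the `*` wildcard is an assumption of this example.

```cpp
#include <iostream>
#include <set>
#include <sstream>
#include <stdexcept>
#include <string>

// Hypothetical names throughout; this is not monerod's implementation.
struct CorsPolicy {
    std::set<std::string> allowed_origins;  // exact-match allowlist
};

// Build the policy from a comma-separated allowlist. Refuses to enable CORS
// when no RPC login is configured, and rejects "*" (assumption of this sketch).
CorsPolicy make_cors_policy(const std::string& origins_csv, bool rpc_login_set) {
    CorsPolicy policy;
    std::istringstream in(origins_csv);
    std::string origin;
    while (std::getline(in, origin, ',')) {
        const std::string::size_type first = origin.find_first_not_of(" \t");
        if (first == std::string::npos) continue;  // skip empty entries
        const std::string::size_type last = origin.find_last_not_of(" \t");
        origin = origin.substr(first, last - first + 1);
        if (origin == "*")
            throw std::invalid_argument("wildcard origin is not allowed");
        policy.allowed_origins.insert(origin);
    }
    if (!policy.allowed_origins.empty() && !rpc_login_set)
        throw std::invalid_argument("CORS allowlist requires an RPC login");
    return policy;
}

// Value to send in Access-Control-Allow-Origin, or an empty string when the
// header must be omitted. Only the exact Origin the browser sent is echoed;
// prefix or substring matches never pass.
std::string allow_origin_header(const CorsPolicy& policy,
                                const std::string& request_origin) {
    if (policy.allowed_origins.count(request_origin) == 0) return std::string();
    return request_origin;
}

int main() {
    // Constructed sample origins, for illustration only.
    const CorsPolicy policy =
        make_cors_policy("https://explorer.example, http://localhost:8080", true);
    std::cout << "listed:   [" << allow_origin_header(policy, "http://localhost:8080") << "]\n";
    std::cout << "unlisted: [" << allow_origin_header(policy, "https://other.example") << "]\n";
    return 0;
}
```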

moneromooo-monero commented 6 years ago

+resolved

chescos commented 6 years ago

Awesome! Thank you @Timo614