`origin` can be used to trigger a call from the client gateway to anywhere #275

rmeissner · 2021-02-17T18:46:50Z

Check if this is a security issue
- Could you create a loop where the origin points to the safe transaction itself and therefore results in the interface calling itself?
In some cases this caused a blocking call (as we did not have a connection timeout) which at some point blocked the whole service.
- Switch to non blocking version of reqwest

Solutions:

The text was updated successfully, but these errors were encountered:

jpalvarezl · 2021-02-18T08:25:13Z

For non blocking reqwest migration, it could be worth checking out this: rwf2/Rocket#1065

rmeissner · 2021-02-18T10:14:39Z

We do not need to wait for this, as according to the rocket docs they already support async io (see https://rocket.rs/master/guide/overview/#futures-and-async). This still would be a major change that would affect the whole app.

rmeissner added the bug Something isn't working label Feb 17, 2021

rmeissner mentioned this issue Feb 17, 2021

Add connect timeout to internal client #276

Merged

jpalvarezl self-assigned this Mar 9, 2021

jpalvarezl mentioned this issue Mar 9, 2021

URL rules for origin #297

Merged

jpalvarezl closed this as completed in #297 Mar 10, 2021

Provide feedback