diff --git a/packages/block-brokers/src/trustless-gateway/utils.ts b/packages/block-brokers/src/trustless-gateway/utils.ts
index 52aa9ba02..820c44ff1 100644
--- a/packages/block-brokers/src/trustless-gateway/utils.ts
+++ b/packages/block-brokers/src/trustless-gateway/utils.ts
@@ -21,6 +21,14 @@ export function filterNonHTTPMultiaddrs (multiaddrs: Multiaddr[], allowInsecure:
 return isPrivateIp(ma.toOptions().host) === false
 }
 
+ // When allowInsecure is false and allowLocal is true, allow multiaddrs with "127.0.0.1", "localhost", or any subdomain ending with ".localhost"
+ if (!allowInsecure && allowLocal) {
+ const { host } = ma.toOptions()
+ if (host === '127.0.0.1' || host === 'localhost' || host.endsWith('.localhost')) {
+ return true
+ }
+ }
+
 return false
 })
 }
diff --git a/packages/block-brokers/test/trustless-gateway-utils.spec.ts b/packages/block-brokers/test/trustless-gateway-utils.spec.ts
index 8a2a42130..1aca9b3ba 100644
--- a/packages/block-brokers/test/trustless-gateway-utils.spec.ts
+++ b/packages/block-brokers/test/trustless-gateway-utils.spec.ts
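Review bot: The new `!allowInsecure && allowLocal` branch returns `true` on the host alone, so a loopback multiaddr that is not an HTTP address at all would pass a filter named `filterNonHTTPMultiaddrs`, unless a check above the hunk already rejects it. Gating the branch on an HTTP match, for example `if (!allowInsecure && allowLocal && HTTP.matches(ma)) {` with the matcher from `@multiformats/multiaddr-matcher` (assuming that is what this file already imports), keeps the exception limited to plain-HTTP loopback gateways. The host test is also literal: `::1`, the rest of `127.0.0.0/8`, and upper-case or trailing-dot spellings are not covered. In addition, `*.localhost` only stays on the loopback interface where the resolver treats that name as special, so elsewhere plaintext HTTP could leave the machine even though `allowInsecure` is false; a comment stating that assumption would help. The function starts above the hunk.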
@@ -27,4 +27,28 @@ describe('trustless-gateway-block-broker-utils', () => {
 
 expect(filtered.length).to.deep.equal(0)
 })
+
+ it('filterNonHTTPMultiaddrs allows 127.0.0.1 when allowInsecure=false', async function () {
+ const localMaddr = uriToMultiaddr('http://127.0.0.1')
+
+ const filtered = filterNonHTTPMultiaddrs([localMaddr], false, true)
+
+ expect(filtered.length).to.deep.equal(1)
+ })
+
+ it('filterNonHTTPMultiaddrs allows localhost when allowInsecure=false', async function () {
+ const localMaddr = uriToMultiaddr('http://localhost')
+
+ const filtered = filterNonHTTPMultiaddrs([localMaddr], false, true)
+
+ expect(filtered.length).to.deep.equal(1)
+ })
+
+ it('filterNonHTTPMultiaddrs allows *.localhost when allowInsecure=false', async function () {
+ const localMaddr = uriToMultiaddr('http://example.localhost')
+
+ const filtered = filterNonHTTPMultiaddrs([localMaddr], false, true)
+
+ expect(filtered.length).to.deep.equal(1)
+ })
 })
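Review bot: The three added cases only assert that loopback hosts are accepted; nothing pins what the new exception must still reject when `allowInsecure` is false and `allowLocal` is true. A negative case such as `filterNonHTTPMultiaddrs([uriToMultiaddr('http://example.com')], false, true)` expecting a length of `0` would do that, along with one for a host that merely contains the word, e.g. the constructed sample `http://localhost.example.com`. These would guard the `endsWith('.localhost')` check against being loosened later. As a style point, `to.deep.equal(1)` on a number can be `to.equal(1)`, and the callbacks do not need `async` since nothing is awaited.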