pub fn validate_origin(
    headers: &HeaderMap,
    bind_addr: &SocketAddr,
    allowed_origins: &[String],
) -> Result<(), Response>
Validate the Origin header for CSRF and DNS rebinding protection.
DNS rebinding defense (CVE-2025-66414/CVE-2025-66416): When the proxy is
bound to a loopback address (127.0.0.1, [::1]) and no explicit
allowed_origins are configured, only localhost origins are accepted.
This prevents a malicious webpage from rebinding its domain to 127.0.0.1
and making cross-origin requests that bypass browser same-origin policy.
Returns Ok(()) if:
- No Origin header is present (non-browser client — API clients don't send Origin)
- allowed_origins is non-empty and contains the Origin value (or "*")
- allowed_origins is empty, bind address is loopback, and Origin is a localhost variant
- allowed_origins is empty, bind address is non-loopback, and Origin host matches Host header
Returns Err(response) with HTTP 403 and a JSON-RPC error if the origin is not allowed.
SECURITY: Logs rejected origins at warn level. Does NOT log Cookie or Authorization headers to avoid credential leaks in logs.
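The acceptance rules above, modelled as a pure function. This is an added sketch, not the crate's implementation: it takes the Origin and Host values as plain strings and returns a bool instead of Result<(), Response>. It assumes the localhost variants are localhost, 127.0.0.1 and [::1], and that the Host comparison ignores the port.

```rust
use std::net::SocketAddr;

/// Host part of "scheme://host[:port]" or "host[:port]", lowercased, port removed.
fn host_of(value: &str) -> Option<String> {
    let authority = value.split_once("://").map_or(value, |(_, rest)| rest);
    let authority = authority.split('/').next()?;
    let host = if authority.starts_with('[') {
        // Bracketed IPv6 literal: keep everything through the closing bracket.
        &authority[..=authority.find(']')?]
    } else {
        authority.rsplit_once(':').map_or(authority, |(h, _)| h)
    };
    if host.is_empty() { None } else { Some(host.to_ascii_lowercase()) }
}

/// The four documented acceptance rules, evaluated in order.
fn origin_allowed(
    origin: Option<&str>,
    host_header: Option<&str>,
    bind_addr: &SocketAddr,
    allowed_origins: &[String],
) -> bool {
    // Rule 1: no Origin header means a non-browser client.
    let Some(origin) = origin else { return true };
    // Rule 2: an explicit allowlist is authoritative once configured.
    if !allowed_origins.is_empty() {
        return allowed_origins.iter().any(|a| a == "*" || a == origin);
    }
    let Some(origin_host) = host_of(origin) else { return false };
    if bind_addr.ip().is_loopback() {
        // Rule 3: a rebound domain sends its own name in both Origin and Host,
        // so on loopback only localhost variants (assumed set) are accepted.
        return matches!(origin_host.as_str(), "localhost" | "127.0.0.1" | "[::1]");
    }
    // Rule 4: non-loopback bind, Origin host must equal the Host header's host.
    host_header.and_then(host_of).map_or(false, |h| h == origin_host)
}

fn main() {
    // Constructed request: a page on a rebound domain calling a loopback-bound proxy.
    let bind: SocketAddr = "127.0.0.1:8080".parse().unwrap();
    let origin = Some("http://rebind.example:8080");
    let verdict = origin_allowed(origin, Some("rebind.example:8080"), &bind, &[]);
    println!("rebound origin accepted: {verdict}");
}
```
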