Allow the API whitelist to be easily disabled using the "apiWhitelistEnabled": false setting.

Now that we require API key authentication - and therefore security is greatly improved - many users will want to bypass the whitelist in order for the UI to communicate with their remote node. This gives an easy way to do this, without having to override the default whitelist. This boolean can now optionally be added to the default settings.json that is published with new releases, without removing the code's ability to update default whitelist values.
3 years ago · 5369e21780
1 changed files with 5 additions and 0 deletions
--- a/src/main/java/org/qortal/settings/Settings.java
+++ b/src/main/java/org/qortal/settings/Settings.java
@ -72,6 +72,7 @@ public class Settings {
 	// API-related
 	private boolean apiEnabled = true;
 	private Integer apiPort;
+	private boolean apiWhitelistEnabled = true;
 	private String[] apiWhitelist = new String[] {
 		"::1", "127.0.0.1"
 	};
@ -492,6 +493,10 @@ public class Settings {
 	}

 	public String[] getApiWhitelist() {
+		if (!this.apiWhitelistEnabled) {
+			// Allow all connections if the whitelist is disabled
+			return new String[] {"0.0.0.0/0", "::/0"};
+		}
 		return this.apiWhitelist;
 	}