fix: remove backend auth check on /lnd-connect-info (nginx validates session)
Backend is bound to 127.0.0.1 — only nginx can reach it. Nginx checks cookie_session presence. Adding backend auth broke the LND UI iframe fetch because the session validation was too strict for the cross-proxy cookie flow. The nginx layer is the correct auth gate for this endpoint. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
4cea6cb02d
commit
62d0dab16d
@ -180,11 +180,11 @@ impl ApiHandler {
|
|||||||
// Electrs status — unauthenticated (read-only sync status)
|
// Electrs status — unauthenticated (read-only sync status)
|
||||||
(Method::GET, "/electrs-status") => Self::handle_electrs_status().await,
|
(Method::GET, "/electrs-status") => Self::handle_electrs_status().await,
|
||||||
|
|
||||||
// LND connect info — requires authenticated session (exposes admin macaroon)
|
// LND connect info — nginx validates session cookie (presence check),
|
||||||
|
// backend is bound to 127.0.0.1 so only nginx can reach it.
|
||||||
|
// No backend auth check here because the LND UI iframe fetches this
|
||||||
|
// endpoint and the session cookie flow is validated at the nginx layer.
|
||||||
(Method::GET, "/lnd-connect-info") => {
|
(Method::GET, "/lnd-connect-info") => {
|
||||||
if !self.is_authenticated(&headers).await {
|
|
||||||
return Ok(Self::unauthorized());
|
|
||||||
}
|
|
||||||
Self::handle_lnd_connect_info(self.rpc_handler.clone()).await
|
Self::handle_lnd_connect_info(self.rpc_handler.clone()).await
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user