Remove domain checks (#243)

nearnshaw · gonpombo8 · web-flow · commit c82c3604a4b1 · 2025-02-12T10:16:46.000-03:00
* fix ui

* fix other UI screens

* minor adjustments

* fix reward-claim

* make boat and other items multiplayer

* updates

* make smart items multiplayer

* remove domain checks

---------

Co-authored-by: Gonzalo DCL &lt;gonzalo@decentraland.org&gt;
diff --git a/guest-book-api/server/src/security/securityChecks.ts b/guest-book-api/server/src/security/securityChecks.ts
@@ -4,10 +4,6 @@ import * as dcl from 'decentraland-crypto-middleware'
 import { denyListedIPS, TESTS_ENABLED, Metadata, realmWhiteList } from './utils'
 import { checkCoords } from './verifyOnMap'
 
-export function checkOrigin(req: Request) {
-  const validOrigins = ['https://decentraland.org', 'https://decentraland.zone']
-  return validOrigins.includes(req.header('origin')!)
-}
 
 export function checkBannedIPs(req: Request) {
   const ip = req.header('X-Forwarded-For')
@@ -32,14 +28,6 @@ export async function runChecks(req: Request & dcl.DecentralandSignatureData<Met
     return parseInt(item, 10)
   })
 
-  // check that the request comes from a decentraland domain
-  const validOrigin =
-    TESTS_ENABLED && (metadata.realm.hostname === 'localhost' || metadata.realm.serverName === 'LocalPreview')
-      ? true
-      : checkOrigin(req)
-  if (!validOrigin) {
-    throw new Error('INVALID ORIGIN')
-  }
 
   // filter against a denylist of malicious ips
   const validIP = checkBannedIPs(req)
diff --git a/leader-board/server/src/security/securityChecks.ts b/leader-board/server/src/security/securityChecks.ts
@@ -4,10 +4,6 @@ import * as dcl from 'decentraland-crypto-middleware'
 import { denyListedIPS, TESTS_ENABLED, Metadata, realmWhiteList } from './utils'
 import { checkCoords } from './verifyOnMap'
 
-export function checkOrigin(req: Request) {
-  const validOrigins = ['https://decentraland.org', 'https://decentraland.zone']
-  return validOrigins.includes(req.header('origin')!)
-}
 
 export function checkBannedIPs(req: Request) {
   const ip = req.header('X-Forwarded-For')
@@ -32,14 +28,6 @@ export async function runChecks(req: Request & dcl.DecentralandSignatureData<Met
     return parseInt(item, 10)
   })
 
-  // check that the request comes from a decentraland domain
-  const validOrigin =
-    TESTS_ENABLED && (metadata.realm.hostname === 'localhost' || metadata.realm.serverName === 'LocalPreview')
-      ? true
-      : checkOrigin(req)
-  if (!validOrigin) {
-    throw new Error('INVALID ORIGIN')
-  }
 
   // filter against a denylist of malicious ips
   const validIP = checkBannedIPs(req)
diff --git a/validate-player-authenticity/server/src/security/securityChecks.ts b/validate-player-authenticity/server/src/security/securityChecks.ts
@@ -4,10 +4,6 @@ import dcl from 'decentraland-crypto-middleware'
 import { denyListedIPS, TESTS_ENABLED, Metadata, realmWhiteList } from '../utils'
 import { checkCoords } from './verifyOnMap'
 
-export function checkOrigin(req: Request) {
-  const validOrigins = ['https://decentraland.org', 'https://decentraland.zone']
-  return validOrigins.includes(req.header('origin'))
-}
 
 export function checkBannedIPs(req: Request) {
   const ip = req.header('X-Forwarded-For')
@@ -32,15 +28,6 @@ export async function runChecks(req: Request & dcl.DecentralandSignatureData<Met
     return parseInt(item, 10)
   })
 
-  // check that the request comes from a decentraland domain
-  const validOrigin =
-    TESTS_ENABLED && (metadata.realm.hostname === 'localhost' || metadata.realm.serverName === 'LocalPreview')
-      ? true
-      : checkOrigin(req)
-  if (!validOrigin) {
-    throw new Error('INVALID ORIGIN')
-  }
-
   // filter against a denylist of malicious ips
   const validIP = checkBannedIPs(req)
   if (validIP) {
