From 5369e217804ed19e51ac58c49cea356b07cfd034 Mon Sep 17 00:00:00 2001
From: CalDescent <caldescent@protonmail.com>
Date: Fri, 17 Dec 2021 10:22:08 +0000
Subject: [PATCH] Allow the API whitelist to be easily disabled using the
 "apiWhitelistEnabled": false setting.

Now that we require API key authentication - and therefore security is greatly improved - many users will want to bypass the whitelist in order for the UI to communicate with their remote node. This gives an easy way to do this, without having to override the default whitelist. This boolean can now optionally be added to the default settings.json that is published with new releases, without removing the code's ability to update default whitelist values.
---
 src/main/java/org/qortal/settings/Settings.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/java/org/qortal/settings/Settings.java b/src/main/java/org/qortal/settings/Settings.java
index 871a7e1a..b01c7bdd 100644
--- a/src/main/java/org/qortal/settings/Settings.java
+++ b/src/main/java/org/qortal/settings/Settings.java
@@ -72,6 +72,7 @@ public class Settings {
 	// API-related
 	private boolean apiEnabled = true;
 	private Integer apiPort;
+	private boolean apiWhitelistEnabled = true;
 	private String[] apiWhitelist = new String[] {
 		"::1", "127.0.0.1"
 	};
@@ -492,6 +493,10 @@ public class Settings {
 	}
 
 	public String[] getApiWhitelist() {
+		if (!this.apiWhitelistEnabled) {
+			// Allow all connections if the whitelist is disabled
+			return new String[] {"0.0.0.0/0", "::/0"};
+		}
 		return this.apiWhitelist;
 	}