Skip to content

docs: clarify public-api warning behavior#201

Open
UfukNode wants to merge 2 commits into
circlefin:mainfrom
UfukNode:docs/clarify-public-api-warning
Open

docs: clarify public-api warning behavior#201
UfukNode wants to merge 2 commits into
circlefin:mainfrom
UfukNode:docs/clarify-public-api-warning

Conversation

@UfukNode

@UfukNode UfukNode commented Jul 14, 2026

Copy link
Copy Markdown

Summary

  • clarify that --public-api enforces pending-transaction hiding, but does not rewrite or reject --http.api / --ws.api selections
  • make it explicit that unsafe namespace selections only produce a startup warning and the node continues to serve those namespaces
  • remind operators that public endpoints must still be configured with only the safe RPC namespaces

Why

The previous wording said --public-api enforced the public RPC restrictions at runtime. In code, unsafe namespace selections only trigger warn_if_public_api_unsafe, so the docs could imply stronger protection than the node actually applies.

Relevant code:

Testing

  • git diff --check

@UfukNode UfukNode marked this pull request as ready for review July 14, 2026 19:06
@osr21

osr21 commented Jul 14, 2026

Copy link
Copy Markdown

Assessment

The PR is correct and the fix matters. Worth expanding on why the distinction is security-relevant for node operators.

What --public-api actually enforces

The flag does two distinct things:

Behaviour Enforced?
Hide pending-tx RPCs (txpool_*, etc.) ✅ Yes — actively blocked at runtime
Strip unsafe namespaces from --http.api / --ws.api ❌ No — startup warning only, non-fatal

The old wording ("enforces these restrictions at runtime") implied the second row was also active enforcement. An operator who reads that, adds --public-api, and forgets to audit --http.api could expose debug / trace / admin while believing the flag protected them.

Consistency with the rest of the doc

The intro section (~line 400 of the current main branch) already uses "warns if --http.api / --ws.api exposes namespaces beyond the safe set" — so this PR also fixes an internal inconsistency.

Suggestions

  1. State the non-fatal consequence explicitly. The new text says "warns at startup" but a reader could still wonder whether the node refuses to start. A short addition like "…warns at startup (the node continues to start and serve those namespaces regardless)" removes all ambiguity.

  2. Cite the source location. The PR description says "In code, unsafe namespace selections only trigger a startup warning." Linking to or quoting the relevant function would make this self-verifying for future reviewers and prevent the same misunderstanding from creeping back in.

  3. Consider a callout block. Operators skimming the doc are the audience this protects. A > ⚠️ Note: callout makes the "you must still configure --http.api correctly" point harder to miss than inline prose.

Overall: merge-worthy as-is. The factual correction is important and the new wording is clearer. The suggestions above are optional improvements, not blockers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants