docs: clarify public-api warning behavior#201
Conversation
AssessmentThe PR is correct and the fix matters. Worth expanding on why the distinction is security-relevant for node operators. What
|
| Behaviour | Enforced? |
|---|---|
Hide pending-tx RPCs (txpool_*, etc.) |
✅ Yes — actively blocked at runtime |
Strip unsafe namespaces from --http.api / --ws.api |
❌ No — startup warning only, non-fatal |
The old wording ("enforces these restrictions at runtime") implied the second row was also active enforcement. An operator who reads that, adds --public-api, and forgets to audit --http.api could expose debug / trace / admin while believing the flag protected them.
Consistency with the rest of the doc
The intro section (~line 400 of the current main branch) already uses "warns if --http.api / --ws.api exposes namespaces beyond the safe set" — so this PR also fixes an internal inconsistency.
Suggestions
-
State the non-fatal consequence explicitly. The new text says "warns at startup" but a reader could still wonder whether the node refuses to start. A short addition like "…warns at startup (the node continues to start and serve those namespaces regardless)" removes all ambiguity.
-
Cite the source location. The PR description says "In code, unsafe namespace selections only trigger a startup warning." Linking to or quoting the relevant function would make this self-verifying for future reviewers and prevent the same misunderstanding from creeping back in.
-
Consider a callout block. Operators skimming the doc are the audience this protects. A
> ⚠️ Note:callout makes the "you must still configure--http.apicorrectly" point harder to miss than inline prose.
Overall: merge-worthy as-is. The factual correction is important and the new wording is clearer. The suggestions above are optional improvements, not blockers.
Summary
--public-apienforces pending-transaction hiding, but does not rewrite or reject--http.api/--ws.apiselectionsWhy
The previous wording said
--public-apienforced the public RPC restrictions at runtime. In code, unsafe namespace selections only triggerwarn_if_public_api_unsafe, so the docs could imply stronger protection than the node actually applies.Relevant code:
Testing
git diff --check