Make Origin request header configurable

[sajal]

titanoboa/boa/rpc.py

Line 102 in 99eb986

self._session.headers["Origin"] = "Titanoboa"

Currently, the value of the Origin request header for all RPC calls has been hardcoded to Titanoboa. This is causing issues using alchemy in certain cases. It seems to be affecting certain accounts.

Example: With my personal Alchemy key, the following works

export WEB3_ALCHEMY_API_KEY=REMOVED_MY_KEY
$ curl -X POST -d '[{"jsonrpc":"2.0","method":"eth_getBalance","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":0},{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":1},{"jsonrpc":"2.0","method":"eth_getCode","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":2}]' https://base-mainnet.g.alchemy.com/v2/$WEB3_ALCHEMY_API_KEY  -H 'User-Agent: python-requests/2.32.3' --compressed    -H 'Content-Type: application/json' -H 'Origin: Titanoboa'
[{"jsonrpc":"2.0","id":0,"result":"0x1602a8e99cbf2cb7d"},{"jsonrpc":"2.0","id":1,"result":"0x8"},{"jsonrpc":"2.0","id":2,"result":"0x"}]

curl -X POST -d '[{"jsonrpc":"2.0","method":"eth_getBalance","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":0},{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":1},{"jsonrpc":"2.0","method":"eth_getCode","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":2}]' https://base-mainnet.g.alchemy.com/v2/$WEB3_ALCHEMY_API_KEY  -H 'User-Agent: python-requests/2.32.3' --compressed    -H 'Content-Type: application/json' 
[{"jsonrpc":"2.0","id":0,"result":"0x1602a8e99cbf2cb7d"},{"jsonrpc":"2.0","id":1,"result":"0x8"},{"jsonrpc":"2.0","id":2,"result":"0x"}]

However, when @scherrey tries it with his key, the request containing Origin: Titanoboa fails.

export WEB3_ALCHEMY_API_KEY=REMOVED_BENS_KEY
$ curl -X POST -d '[{"jsonrpc":"2.0","method":"eth_getBalance","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":0},{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":1},{"jsonrpc":"2.0","method":"eth_getCode","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":2}]' https://base-mainnet.g.alchemy.com/v2/$WEB3_ALCHEMY_API_KEY  -H 'User-Agent: python-requests/2.32.3' --compressed    -H 'Content-Type: application/json' -H 'Origin: Titanoboa'
[{"jsonrpc":"2.0", "id": 0, "error":{"code":-32000,"message":"Internal error"}},{"jsonrpc":"2.0", "id": 1, "error":{"code":-32000,"message":"Internal error"}},{"jsonrpc":"2.0", "id": 2, "error":{"code":-32000,"message":"Internal error"}}]

#But removing origin header "fixes" it

$ curl -X POST -d '[{"jsonrpc":"2.0","method":"eth_getBalance","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":0},{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":1},{"jsonrpc":"2.0","method":"eth_getCode","params":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0x15cf7f0"],"id":2}]' https://base-mainnet.g.alchemy.com/v2/$WEB3_ALCHEMY_API_KEY  -H 'User-Agent: python-requests/2.32.3' --compressed    -H 'Content-Type: application/json' 
[{"jsonrpc":"2.0","id":0,"result":"0x1602a8e99cbf2cb7d"},{"jsonrpc":"2.0","id":1,"result":"0x8"},{"jsonrpc":"2.0","id":2,"result":"0x"}]

This issue does not happen when forking arbitrum. My thinking is that some accounts are sharded to different loadbalancer implementations which might be validating headers in a stricter manner, or might even be something in account settings.

I don't want to raise this with Alchemy yet because The current value of Origin header is Titanaboa which appears to be invalid value per RFC6454

[charles-cooper]

hmm, i see. i agree that we should add some way to configure it, what do you think is a good high-level way to expose it?

in the meantime, you can work around by touching the rpc object directly,

del boa.env.py_evm.vm.state._account_db._rpc._session.headers["Origin"]

this should be safe to do -- the origin was just provided so that when connecting to frame.sh, the app name shows up as "Titanoboa", it is a UX-only detail.

[sajal]

Thanks for the suggestion. Works for me. I did have to adapt the command ( we are on titanoboa==0.2.5 )

del boa.env.evm.vm.state._account_db._rpc._rpc._session.headers["Origin"]

As for the configuration, the cleanest way IMO is to use an env header what defaults to blank string and people could assign it to whatever they want.

Alternatively, to make it more expressive (and preserve current default behavior) we could provide a headers_override kwarg to any command that takes rpc_url, example boa.fork , boa.set_network_env, etc. This way users could configure additional stuff like user-agent, authorization, etc.

[charles-cooper]

Alternatively, to make it more expressive (and preserve current default behavior) we could provide a headers_override kwarg to any command that takes rpc_url, example boa.fork , boa.set_network_env, etc. This way users could configure additional stuff like user-agent, authorization, etc.

this sounds most flexible, let's do this