[emrun] Don't listen to 0.0.0.0 by default (#22077) #22645
Conversation
|
bug #22077 |
…core#22077) A developer might start emrun without thinking about the --hostname setting. So he might expose sensible data on the webserver to the LAN or to the Internet. It might even happen, that a vulnerable Emsdk version becomes publicly reachable. Instead use localhost (127.0.0.1) by default, which is usually sufficient for development.
kolAflash
force-pushed
the
main_22077
branch
from
5ef6a5a
to
7b0fec6
Compare
sbc100
changed the title
|
I normally do all my work over ssh and then point my browser at the IP of the my server.. so I guess I will always be adding |
Hmm hmm.. yeah, I can see that this can be tedious. Although emrun already has the default that it attempts to launch a browser, so you've been passing the --no_browser flag as well I presume? I find it tedious to need to write that If we defaulted to 0.0.0.0 and while doing so, print a warning that this will be accessible to all users, and then ask developers to opt to --hostname=127.0.0.1, then they would find it tedious. |
|
If you have any ideas for fixing the failed tests or making the discussed suggestions, feel free to amend a patch. |
Yes, I run with |
A developer might start emrun without thinking about the --hostname setting. So he might expose sensible data on the webserver to the LAN or to the Internet. It might even happen, that a vulnerable Emsdk version becomes publicly reachable.
Instead use localhost (127.0.0.1) by default, which is usually sufficient for development.