Shopify / pitchfork


Listen only on localhost by default #14

Open sandstrom opened 2 years ago

sandstrom commented 2 years ago

Awesome project! 🏅

From the README:

pitchfork will bind to all interfaces on TCP port 8080 by default.

Since a --listen flag already exists, I'd suggest binding only to localhost (127.0.0.1) by default.

I know this is mostly used internally right now, but it's such a common thing for webservers to accidentally bind to a public interface, for example on developer machines, unknowingly exposing an app to the internet.

byroot commented 2 years ago

Thank you, that's a good point.

This default is inherited from unicorn, but I agree we should reconsider it. I'll have a look next week.
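The exposure difference discussed in this thread can be checked mechanically. The following is an added example, not part of the thread and not pitchfork's own code: it classifies listen addresses as loopback-only, all-interfaces, or a specific interface. The helper names `listen_exposure` and `exposed_listeners`, the accepted `HOST:PORT` and `[IPV6]:PORT` forms, and the sample addresses are assumptions made for illustration.

```ruby
require "ipaddr"

# Classify a listen address by how widely it exposes the server.
# Accepted forms (an assumption of this example): "HOST:PORT" and "[IPV6]:PORT".
def listen_exposure(spec)
  m = spec.match(/\A\[(?<host>[^\]]+)\]:(?<port>\d+)\z/) ||
      spec.match(/\A(?<host>[^:\[\]]+):(?<port>\d+)\z/)
  raise ArgumentError, "unrecognised listen address: #{spec.inspect}" unless m

  host = m[:host]
  # Assumes "localhost" resolves to a loopback address on this machine.
  return :loopback if host.casecmp?("localhost")

  ip = begin
    IPAddr.new(host)
  rescue IPAddr::Error
    # Not an IP literal; exposure depends on name resolution, so do not guess.
    return :hostname
  end

  return :all_interfaces if ip.to_i.zero? # 0.0.0.0 or ::
  return :loopback if ip.loopback?        # 127.0.0.0/8 or ::1
  :specific_interface
end

# Return every listen address that is reachable from beyond the local machine
# (or whose reachability cannot be determined from the string alone).
def exposed_listeners(specs)
  specs.reject { |spec| listen_exposure(spec) == :loopback }
end

# Constructed sample input: addresses as they might be passed to a listen option.
SAMPLE_LISTENERS = [
  "0.0.0.0:8080",      # all IPv4 interfaces
  "127.0.0.1:8080",    # loopback only
  "[::]:8080",         # all IPv6 interfaces
  "[::1]:8080",        # IPv6 loopback
  "192.168.1.10:8080", # one specific interface
].freeze

SAMPLE_LISTENERS.each do |spec|
  puts format("%-20s %s", spec, listen_exposure(spec))
end
```

A check like this can run in CI or at startup on developer machines to flag any listener that is not loopback-only.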