Skip to content

Commit

Permalink
revert: #759
Browse files Browse the repository at this point in the history 
That's actually not a good idea when you e.g. want to access the dev server from your mobile.
  • Loading branch information
@LinusBorg
LinusBorg authored Aug 29, 2017
1 parent 0866970 commit a56d4c6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion template/build/dev-server.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ devMiddleware.waitUntilValid(() => {
_resolve()
})

var server = app.listen(port, 'localhost')
var server = app.listen(port)

module.exports = {
ready: readyPromise,
Expand Down

2 comments on commit a56d4c6

@olmstd
Copy link
Contributor

@olmstd olmstd commented on a56d4c6 Aug 30, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@LinusBorg In my opinion, the potential drawbacks of this outweigh any benefits of increased usability. I wouldn't be sure that everyone using this package is aware of this default behavior. You are exposing your development server to any client on the network you are connected to in most scenarios, and in the worst case, to the world.

It is not uncommon for some developers to work while on a publicly accessible network. Personally, I discovered this when accessing peers' development environments without their knowledge. In this scenario, there is potential for leaking of API keys, unwanted exposure of source code, exposing private resources via proxy middleware etc...

@LinusBorg
Copy link
Contributor Author

@LinusBorg LinusBorg commented on a56d4c6 Aug 30, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand that. To offer somethign for both side, we should make this a setting in /config/index.js, where people can decide weither to listen on localhost or "openly"

Please sign in to comment.