Devserver: Only listen on localhost
Summary: In response to https://github.com/facebook/flipper/issues/553 This server is just serving the local assets to the electron instance, when you are running flipper from source (`yarn start`). It's not used in production releases. I don't think there's a need to encrypt this traffic - it's analogous to running a local web server while you are developing it, however I don't see a reason not to restrict it to localhost. Reviewed By: danielbuechele Differential Revision: D17500039 fbshipit-source-id: 5b9df3937d71dc542cfa900da8c9e7f285a0e6ac
This commit is contained in:
John Knox
committed by
Facebook Github Bot
Facebook Github Bot
parent
1d29120715
commit
9871a6d155
@@ -107,7 +107,7 @@ function startAssetServer(port) {
|
|||||||
const server = http.createServer(app);
|
const server = http.createServer(app);
|
||||||
|
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
server.listen(port, () => resolve({app, server}));
|
server.listen(port, 'localhost', () => resolve({app, server}));
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user