New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
listen doesnt work on LAN #3498
Comments
Yes, we really should, if we're going to allow external connections. It's so easy to mess up your system through this:
|
I'd also be cool with putting execute and such commands locked behind further security gates, like a somewhat long launch flag name. Thanks!! |
Yeah, I also thought about that. We probably have two options:
|
Thanks! I had to get a newer version of go than apt provides, built fzf, and --listen does require |
One thing I'd like to note is when setting queries to large values and then setting to a smaller value, the horizontal scroll in the search bar isn't reset so it looks a bit wonky. Not a big problem but it made me think there was a huge bug for a few minutes last week. |
You'll see the same result when you hold down the backspace key and erase the query. It can be less confusing because you see the whole process. I thought curl localhost:6266 -d'change-query:'
curl localhost:6266 -d'change-query:foo' |
84bb350 is a simple patch that makes the `beginning of line+end of line' trick work as expected. (Ideally, we should be able to handle any action that moves the cursor to the left.) |
man fzf
)Info
Problem / Steps to reproduce
I find that I can access fzf --listen server just fine with curl but only on localhost.
I have a use case where I want to do some semi automated file searching, so i use a preview hook to curl a
change-query
command. Well I often want the backend fzf doing the file list matching to be on a remote host.I see much discussion around security for
--listen
which seems reasonable but I think from what I saw in the code, this binds to localhost right now.I reckon the security is good enough that we can allow network hosts to connect. Maybe we can enforce the use of an auth token to do this?
The text was updated successfully, but these errors were encountered: