Default host to localhost when in development mode.

postmodern · postmodern · commit 28b014484a8a · 2013-02-09T21:28:55.000-08:00
* Running Rack apps on 0.0.0.0 in development mode will allow malicious
  users on the local network (ex: a Coffee Shop or a Conference) to abuse
  or potentially exploit the app. Safer to default host to localhost when in
  development mode.
diff --git a/lib/rack/server.rb b/lib/rack/server.rb
@@ -185,11 +185,14 @@ def options
     end
 
     def default_options
+      environment  = ENV['RACK_ENV'] || 'development'
+      default_host = environment == 'development' ? 'localhost' : '0.0.0.0'
+
       {
-        :environment => ENV['RACK_ENV'] || "development",
+        :environment => environment,
         :pid         => nil,
         :Port        => 9292,
-        :Host        => "0.0.0.0",
+        :Host        => default_host,
         :AccessLog   => [],
         :config      => "config.ru"
       }
