Default host to localhost when in development mode.
* Running Rack apps on 0.0.0.0 in development mode will allow malicious
  users on the local network (ex: a Coffee Shop or a Conference) to abuse
  or potentially exploit the app. Safer to default host to localhost when in
  development mode.
postmodern committed Feb 10, 2013
1 parent 7b535cd commit 28b0144
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions lib/rack/server.rb
Expand Up @@ -185,11 +185,14 @@ def options
end end


def default_options def default_options
environment = ENV['RACK_ENV'] || 'development'
default_host = environment == 'development' ? 'localhost' : '0.0.0.0'

{ {
:environment => ENV['RACK_ENV'] || "development", :environment => environment,
:pid => nil, :pid => nil,
:Port => 9292, :Port => 9292,
:Host => "0.0.0.0", :Host => default_host,
:AccessLog => [], :AccessLog => [],
:config => "config.ru" :config => "config.ru"
} }
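Review bot: the new default_host line in default_options is an exact string match on 'development', so any other RACK_ENV value (for example 'test', or a misspelled name) still falls through to '0.0.0.0'. If the aim is to keep non-production runs off the local network, consider making 'localhost' the default and choosing '0.0.0.0' only for environments that are meant to listen on all interfaces. Also, environment is read only from ENV['RACK_ENV'] here, so an environment supplied later through the options would not change default_host. That case is worth checking, and the new default should be documented alongside :Host, since anyone who reached a development server from another machine now has to pass the host explicitly.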