Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Obey ip argument and only bind to given address. #926

Merged
merged 1 commit into from
Oct 26, 2021
Merged

Obey ip argument and only bind to given address. #926

merged 1 commit into from
Oct 26, 2021

Conversation

adament
Copy link
Contributor

@adament adament commented Aug 2, 2021

Previously since no address was given to the tornado listen call the
voila application listens on all interfaces.

References

I have not opened an issue for this and could not find one when I quickly looked.

Code changes

Simply change the call to tornado.web.Application.listen so that it passes along the Voila.ip parameter as the address argument.

User-facing changes

If people previously relied on voila by default binding to all interfaces they will now experience a backwards compatibility break, the backwards compatibility can be preserved by changing the default value of ip to '0.0.0.0' (which is what it actually was). Personally I do however believe that the previous behaviour was a security issue (binding on all interfaces while claiming to bind only to localhost) and should be fixed, and users should explicitly opt in to binding to more than localhost. But I understand if preserving backwards compatibility is to preferred.

Backwards-incompatible changes

Same as User-facing changes.

@adament
Obey ip argument and only bind to given address.
17513aa 
Previously since no address was given to the tornado listen call the
voila application listens on all interfaces.
@jtpio
Copy link
Member

jtpio commented Aug 30, 2021

Thanks @adament!

If people previously relied on voila by default binding to all interfaces they will now experience a backwards compatibility break

Adding to the 0.3.0 milestone for consideration.

@jtpio jtpio added the bug Something isn't working label Aug 30, 2021
@jtpio jtpio added this to the 0.3.0 milestone Aug 30, 2021
@trungleduc
Copy link
Member

Thank @adament, LGTM!

@trungleduc trungleduc merged commit ae3fdfb into voila-dashboards:main Oct 26, 2021
@trungleduc trungleduc mentioned this pull request Oct 26, 2021
Closed
@trungleduc trungleduc mentioned this pull request Dec 18, 2021
Closed
@trungleduc trungleduc mentioned this pull request Apr 1, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
0.3.0
Development

Successfully merging this pull request may close these issues.
3 participants
@adament @jtpio @trungleduc