Skip to content

Emtemf/api-codegen REV-2026-001: Restrict Web UI server to loopback by default #12

Description

@Emtemf

finding_id: REV-2026-001
priority: P0
area: security
kind: security
paths:

  • web-ui/server.js
    blocked_by: []
    automation: needs-design

Summary

Restrict the Web UI server to loopback by default so normal startup does not expose the application to the local network.

Evidence

Global review finding REV-2026-001 identified that web-ui/server.js can bind outside loopback and that host selection used for port probing can diverge from the host used by the server.

Impact

An unintended non-loopback bind can expose the Web UI and its bridge-backed operations to unauthenticated remote clients on reachable interfaces.

Scope

Update host defaults, keep port probing and server binding on the same effective host, add explicit external-host opt-in handling, and add regression coverage.

Out of scope

Authentication, authorization, TLS, and unrelated Web UI functionality.

Acceptance criteria

  • 默认只绑定 127.0.0.1 或显式配置的 loopback host
  • 端口探测和实际 server 使用同一 host
  • 外部 host 必须显式 opt-in,并有启动警告
  • 增加局域网不可达/host 配置回归验证

Verification

Run server startup tests and an end-to-end socket check for default loopback, configured loopback, and explicit external-host opt-in behavior.

Rollback

Revert the host-default and validation changes while retaining regression tests for a follow-up fix.

Dependencies

None. Keep this issue labeled automation:needs-design; do not add automation:ready until design review is complete.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions