From f248b4791e33b6e1dd3d37144bdcd777252ec901 Mon Sep 17 00:00:00 2001 From: James Sumners Date: Wed, 22 Feb 2023 12:35:07 -0500 Subject: [PATCH] Change server.listen default address --- docs/server.md | 11 +++++++++-- lib/server.js | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/server.md b/docs/server.md index a1292eb..9366cf0 100644 --- a/docs/server.md +++ b/docs/server.md @@ -80,8 +80,15 @@ Example: `listen(port, [host], [callback])` Begin accepting connections on the specified port and host. If the host is -omitted, the server will accept connections directed to any IPv4 address -(INADDR\_ANY). +omitted, the server will accept connections directed to the IPv4 address +`127.0.0.1`. To listen on any other address, supply said address as the `host` +parameter. For example, to listen on all available IPv6 addresses supply +`::` as the `host` (note, this _may_ also result in listening on all +available IPv4 addresses, depending on operating system behavior). + +We highly recommend being as explicit as possible with the `host` parameter. +Listening on all available addresses (through `::` or `0.0.0.0`) can lead +to potential security issues. This function is asynchronous. The last parameter callback will be called when the server has been bound. diff --git a/lib/server.js b/lib/server.js index 1006c42..30af2e3 100644 --- a/lib/server.js +++ b/lib/server.js @@ -701,13 +701,13 @@ Server.prototype.after = function () { }) } -// All these just reexpose the requisite net.Server APIs +// All these just re-expose the requisite net.Server APIs Server.prototype.listen = function (port, host, callback) { if (typeof (port) !== 'number' && typeof (port) !== 'string') { throw new TypeError('port (number or path) required') } if (typeof (host) === 'function') { callback = host - host = '0.0.0.0' + host = '127.0.0.1' } if (typeof (port) === 'string' && /^[0-9]+$/.test(port)) { // Disambiguate between string ports and file paths