Currently, running servitsy without a custom --host argument will listen on :: (similar to 0.0.0.0), so that the server is reachable from other devices connected to the same local network.
This can be useful for development, when one wants to serve a folder of static files as a website that can be tested on a different device on the same network (e.g. a smartphone connected to the same wifi router).
But there are potential downsides like the “0.0.0.0 Day” family of vulnerabilities. It shouldn’t affect this package since it’s mostly about local servers that can write to disk or change some configuration or state from unauthenticated PUT or POST requests. Still, it might be better to err on the safe side and listen to localhost by default.
Currently, running
servitsywithout a custom--hostargument will listen on::(similar to0.0.0.0), so that the server is reachable from other devices connected to the same local network.This can be useful for development, when one wants to serve a folder of static files as a website that can be tested on a different device on the same network (e.g. a smartphone connected to the same wifi router).
But there are potential downsides like the “0.0.0.0 Day” family of vulnerabilities. It shouldn’t affect this package since it’s mostly about local servers that can write to disk or change some configuration or state from unauthenticated PUT or POST requests. Still, it might be better to err on the safe side and listen to
localhostby default.