Default server bind on all interfaces #23
Description
Summary
The server's default bind address is 0.0.0.0:8080, so it listens on all interfaces unless explicitly overridden. Whether the service is exposed to the internet or only to an internal network is entirely a matter of deployment. A misconfiguration could expose the server more broadly than intended.
Source Code
- The default is set in
crates/navigator-core/src/config.rsindefault_bind_address()(lines 93-94), which returns"0.0.0.0:8080".parse().expect(...). - The server uses this in
crates/navigator-server/src/lib.rsat line 140:TcpListener::bind(config.bind_address).
Originally by @drew on 2026-02-19T08:59:26.615-08:00