The most problematic one is that leaving this open, allows hackers to take over the source, complied source and inject malicious code (read more here .)
Due to the fact that the current settings of the Redwood dev server is only with localhost, although there is an option to change it to 0.0.0.0, it is still a problem
There are several options to work with the dev server and test it with an “external” network:
- setup the whole environment in a Docker (or any other) container. This is currently an option that is not simple as it requires additional changes to the code base of the dev server as well as the default redwood app.
- as the above mentioned article suggests, have the following added to the webpack start script (currently there is no option to add these changes to the
yarn rw dev):
--host 0.0.0.0 --public example.company.com, where theexample.company.comis the external URL for the dev server.
Testing is an important stage of every development process, and one of them is to test the site from an “external” network that has other settings, like for example, mobile device (that has applications installed), other restrictions, etc. You don’t want to get to ta production release and then test these issues.