Comments (2)
pimterry
commented on May 19, 2024
1
If you run the official server builds in the standard way, they intentionally don't allow connections from anything but the official UI. This avoids cross-site request forgery style attacks (where a malicious website you visit communicates with local services on your machine).
By default, production builds allow connections only from app.httptoolkit.tech, which dev builds also allow various localhost URLs. This is defined here.
There's two options:
- You can run a local server in dev mode from a full checkout of the code, following the instructions in that repo
- You can run the production server release in dev mode, with
OCLIF_TS_NODE=0 ./bin/run startinstead of./bin/httptoolkit-server start- This avoids some initial setup steps, which result in the server being considered as a production build, with the restrictions that implies
OCLIF_TS_NODEis required to correctly run a production build (which bundles and drops various dev-only files and dependencies) in dev mode
- You can modify the server code, and build your own production releases which trust an alternative UI URL instead.
Does that all make sense?
from httptoolkit-ui.
imnoob404
commented on May 19, 2024
Thanks for the answer! I previously created my own fork of the server that disables the cors protection entirely. I don't think it's a good idea tough, hence I'm going to use your provided solution for the time being.
from httptoolkit-ui.
Related Issues (20)
- Unable to build in Mac Arm HOT 4
- Support latest npm? HOT 3
- Doesn't work with latest npm v17? HOT 4
- Allow getting SSL-Certificate HOT 3
- HAR: Inconsistent application/octet-stream post request payloads when exporting exchanges as http archive HOT 2
- Can't build HOT 4
- When Http Request use gzip, It will cause !!! REQUEST BODY COULD NOT BE DECODED !!! HOT 6
- `npm start` doesn't work on Windows HOT 4
- Error: listen EADDRINUSE HOT 1
- Angelkrejcu2 HOT 1
- Cannot build on Windows 11 HOT 4
- darwin-arm64 error HOT 1
- Local build is broken HOT 1
- [ Suggestion ] Add cookies search filters. HOT 1
- [Suggestion] Features HOT 3
- 404 when launching http://local.httptoolkit.tech:8080/ HOT 2
- [Suggestion] Dark Mode support HOT 1
- Upgrade some npm packages so this can build for linux aarch64 (arm64) HOT 10
- Had to go to 0.0.0.0:8080 since the local subdomain isn't by default setup on Linux HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from httptoolkit-ui.