LyAhn/vibepod
1
0
Fork 0
mirror of https://github.com/JezzWTF/vibepod.git synced 2026-06-01 15:22:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔒 secure backend by binding uvicorn to localhost

Browse Source 
🎯 What: Changed the uvicorn host binding from 0.0.0.0 to 127.0.0.1 in server/start.sh.
⚠️ Risk: Binding to 0.0.0.0 exposes the unauthenticated backend API to any network interface, potentially allowing unauthorized access.
🛡️ Solution: Binding to 127.0.0.1 ensures the FastAPI backend is only accessible from the local machine, relying on the Next.js frontend to securely proxy external requests.

Co-authored-by: LyAhn <27559362+LyAhn@users.noreply.github.com>
This commit is contained in:
google-labs-jules[bot]
2026-04-29 11:07:47 +00:00
parent 84e387ec42
commit edfc6dc501
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/start.sh
+2 -2
View File
@@ -72,7 +72,7 @@ fi
# Pass DEVICE env var so the server can select the correct torch device. # Pass DEVICE env var so the server can select the correct torch device.
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
echo "" echo ""
echo "--> Starting uvicorn on http://0.0.0.0:8000" echo "--> Starting uvicorn on http://127.0.0.1:8000"
export PYTHONUTF8=1 export PYTHONUTF8=1
if $CPU_MODE; then if $CPU_MODE; then
@@ -83,7 +83,7 @@ else
fi fi
exec uv run uvicorn vibevoice_server:app \ exec uv run uvicorn vibevoice_server:app \
--host 0.0.0.0 \ --host 127.0.0.1 \
--port 8000 \ --port 8000 \
--log-level info \ --log-level info \
"${PASSTHROUGH_ARGS[@]+"${PASSTHROUGH_ARGS[@]}"}" "${PASSTHROUGH_ARGS[@]+"${PASSTHROUGH_ARGS[@]}"}"