From 13ea9ebfad58ab2d36771b849ebf27aae4de2e03 Mon Sep 17 00:00:00 2001
From: Mike Grabowski
Date: Wed, 27 Feb 2019 21:53:11 +0100
Subject: [PATCH 1/5] commit
---
 .../server/middleware/MiddlewareManager.js | 4 +--
 .../getSecurityHeadersMiddleware.js | 28 ++++++++++---------
 2 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/packages/cli/src/server/middleware/MiddlewareManager.js b/packages/cli/src/server/middleware/MiddlewareManager.js
index 696a04d08..4f0010e64 100644
--- a/packages/cli/src/server/middleware/MiddlewareManager.js
+++ b/packages/cli/src/server/middleware/MiddlewareManager.js
@@ -26,7 +26,7 @@ import getDevToolsMiddleware from './getDevToolsMiddleware';
 type Options = {
 +watchFolders: $ReadOnlyArray,
- +host?: string,
+ +host: string,
 };
 type WebSocketProxy = {
@@ -46,7 +46,7 @@ export default class MiddlewareManager {
 this.options = options;
 this.app = connect()
- .use(getSecurityHeadersMiddleware)
+ .use(getSecurityHeadersMiddleware(this.options))
 .use(loadRawBodyMiddleware)
 .use(compression())
 .use('/debugger-ui', serveStatic(debuggerUIFolder))
diff --git a/packages/cli/src/server/middleware/getSecurityHeadersMiddleware.js b/packages/cli/src/server/middleware/getSecurityHeadersMiddleware.js
index d5cf6b145..9cec449d0 100644
--- a/packages/cli/src/server/middleware/getSecurityHeadersMiddleware.js
+++ b/packages/cli/src/server/middleware/getSecurityHeadersMiddleware.js
@@ -8,20 +8,22 @@
 * @format
 */
-export default function getSecurityHeadersMiddleware(req, res, next) {
- const address = req.client.server.address();
+export default function getSecurityHeadersMiddleware({ host }) {
+ return (req, res, next) => {
+ const address = req.client.server.address();
- // Block any cross origin request.
- if (
- req.headers.origin &&
- req.headers.origin !== `http://localhost:${address.port}`
- ) {
- next(new Error('Unauthorized'));
- return;
- }
+ // Block any cross origin request.
+ if (
+ req.headers.origin &&
+ req.headers.origin !== `http://${host}:${address.port}`
+ ) {
+ next(new Error('Unauthorized'));
+ return;
+ }
- // Block MIME-type sniffing.
- res.setHeader('X-Content-Type-Options', 'nosniff');
+ // Block MIME-type sniffing.
+ res.setHeader('X-Content-Type-Options', 'nosniff');
- next();
+ next();
+ };
 }
From 63477354719602711135415a0b5f5303c8df4674 Mon Sep 17 00:00:00 2001
From: Mike Grabowski
Date: Wed, 27 Feb 2019 22:11:13 +0100
Subject: [PATCH 2/5] Fix lint
---
 packages/cli/src/server/runServer.js | 2 +-
 packages/cli/src/server/server.js | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/cli/src/server/runServer.js b/packages/cli/src/server/runServer.js
index adf6d2a57..b851c5741 100644
--- a/packages/cli/src/server/runServer.js
+++ b/packages/cli/src/server/runServer.js
@@ -24,7 +24,7 @@ export type Args = {|
 assetExts?: string[],
 cert?: string,
 customLogReporterPath?: string,
- host?: string,
+ host: string,
 https?: boolean,
 maxWorkers?: number,
 key?: string,
diff --git a/packages/cli/src/server/server.js b/packages/cli/src/server/server.js
index f9eb50e82..1cc17bf6a 100644
--- a/packages/cli/src/server/server.js
+++ b/packages/cli/src/server/server.js
@@ -19,6 +19,7 @@ export default {
 {
 command: '--port [number]',
 parse: (val: string) => Number(val),
+ default: 8081,
 },
 {
 command: '--host [string]',
From ee3d5d1f206ff946cc760aedf16509b0a0b3e635 Mon Sep 17 00:00:00 2001
From: Mike Grabowski
Date: Wed, 27 Feb 2019 22:19:55 +0100
Subject: [PATCH 3/5] Remove default flag
---
 packages/cli/src/server/server.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/packages/cli/src/server/server.js b/packages/cli/src/server/server.js
index 1cc17bf6a..f9eb50e82 100644
--- a/packages/cli/src/server/server.js
+++ b/packages/cli/src/server/server.js
@@ -19,7 +19,6 @@ export default {
 {
 command: '--port [number]',
 parse: (val: string) => Number(val),
- default: 8081,
 },
 {
 command: '--host [string]',
From 3857e518ce695098314b5e655b5a52ed8fdc390b Mon Sep 17 00:00:00 2001
From: Mike Grabowski
Date: Wed, 27 Feb 2019 22:46:25 +0100
Subject: [PATCH 4/5] commit
---
 .../middleware/getDevToolsMiddleware.js | 8 +++---
 .../getSecurityHeadersMiddleware.js | 28 +++++++++----------
 packages/cli/src/server/server.js | 2 +-
 3 files changed, 18 insertions(+), 20 deletions(-)
diff --git a/packages/cli/src/server/middleware/getDevToolsMiddleware.js b/packages/cli/src/server/middleware/getDevToolsMiddleware.js
index 96bf20652..a61597585 100644
--- a/packages/cli/src/server/middleware/getDevToolsMiddleware.js
+++ b/packages/cli/src/server/middleware/getDevToolsMiddleware.js
@@ -9,20 +9,20 @@
 import launchChrome from '../util/launchChrome';
 import logger from '../../util/logger';
-function launchChromeDevTools(host, port, args = '') {
- const debuggerURL = `http://${host}:${port}/debugger-ui${args}`;
+function launchChromeDevTools(port, args = '') {
+ const debuggerURL = `http://localhost:${port}/debugger-ui${args}`;
 logger.info('Launching Dev Tools...');
 launchChrome(debuggerURL);
 }
-function launchDevTools({ host, port, watchFolders }, isChromeConnected) {
+function launchDevTools({ port, watchFolders }, isChromeConnected) {
 // Explicit config always wins
 const customDebugger = process.env.REACT_DEBUGGER;
 if (customDebugger) {
 customDebugger({ watchFolders, customDebugger });
 } else if (!isChromeConnected()) {
 // Dev tools are not yet open; we need to open a session
- launchChromeDevTools(host, port);
+ launchChromeDevTools(port);
 }
 }
diff --git a/packages/cli/src/server/middleware/getSecurityHeadersMiddleware.js b/packages/cli/src/server/middleware/getSecurityHeadersMiddleware.js
index 9cec449d0..d5cf6b145 100644
--- a/packages/cli/src/server/middleware/getSecurityHeadersMiddleware.js
+++ b/packages/cli/src/server/middleware/getSecurityHeadersMiddleware.js
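Review bot: In `launchDevTools` in getDevToolsMiddleware.js, the unchanged lines bind `customDebugger` to `process.env.REACT_DEBUGGER` and then call it, `customDebugger({ watchFolders, customDebugger })`; an environment variable is a string whenever it is set, so that call throws a TypeError and the custom-debugger branch cannot work. The local presumably shadows a module-level helper of the same name that is defined outside this hunk. Since this commit already rewrites the function's signature, renaming the local would be a small fix: `const debuggerCommand = process.env.REACT_DEBUGGER;`, test `debuggerCommand` in the `if`, and pass `customDebugger: debuggerCommand`. If that helper runs the value as a command, a one-line comment stating that `REACT_DEBUGGER` is treated as trusted local configuration would also be worth adding.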
@@ -8,22 +8,20 @@
 * @format
 */
-export default function getSecurityHeadersMiddleware({ host }) {
- return (req, res, next) => {
- const address = req.client.server.address();
+export default function getSecurityHeadersMiddleware(req, res, next) {
+ const address = req.client.server.address();
- // Block any cross origin request.
- if (
- req.headers.origin &&
- req.headers.origin !== `http://${host}:${address.port}`
- ) {
- next(new Error('Unauthorized'));
- return;
- }
+ // Block any cross origin request.
+ if (
+ req.headers.origin &&
+ req.headers.origin !== `http://localhost:${address.port}`
+ ) {
+ next(new Error('Unauthorized'));
+ return;
+ }
- // Block MIME-type sniffing.
- res.setHeader('X-Content-Type-Options', 'nosniff');
+ // Block MIME-type sniffing.
+ res.setHeader('X-Content-Type-Options', 'nosniff');
- next();
- };
+ next();
 }
diff --git a/packages/cli/src/server/server.js b/packages/cli/src/server/server.js
index f9eb50e82..6fe1adbb8 100644
--- a/packages/cli/src/server/server.js
+++ b/packages/cli/src/server/server.js
@@ -22,7 +22,7 @@ export default {
 },
 {
 command: '--host [string]',
- default: '0.0.0.0',
+ default: '',
 },
 {
 command: '--watchFolders [list]',
From 19425f82811578d064fc9a137583100dd5d4bb67 Mon Sep 17 00:00:00 2001
From: Mike Grabowski
Date: Wed, 27 Feb 2019 22:52:09 +0100
Subject: [PATCH 5/5] Revert type changes
---
 packages/cli/src/server/middleware/MiddlewareManager.js | 4 ++--
 packages/cli/src/server/runServer.js | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/cli/src/server/middleware/MiddlewareManager.js b/packages/cli/src/server/middleware/MiddlewareManager.js
index 4f0010e64..696a04d08 100644
--- a/packages/cli/src/server/middleware/MiddlewareManager.js
+++ b/packages/cli/src/server/middleware/MiddlewareManager.js
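Review bot: In getSecurityHeadersMiddleware.js (patch 4/5) the restored comment `// Block any cross origin request.` overstates the guard beneath it: the comparison runs only when `req.headers.origin` is set, so a request that carries no `Origin` header is passed on unchecked, and the `Host` header is never looked at. The expected value is also fixed to `http://localhost:<port>`, so the same UI opened as `http://127.0.0.1:<port>`, or over TLS (`https?: boolean` appears in `Args` elsewhere in this series), would be refused. I would reword the comment to say exactly what is enforced, for example `// Reject requests whose Origin header is present and differs from http://localhost:<port>; requests without Origin are not checked here.`, and leave any Host validation to a separate change.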
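Review bot: The new `default: ''` for `--host` in server.js (patch 4/5) carries no explanation of what an empty host means for the listener. If the option is handed to `listen()` unchanged (that call is outside this patch), Node treats an empty host as unspecified and accepts connections on every interface, so the server stays as reachable from the local network as it was with `'0.0.0.0'`; the localhost-only Origin check in getSecurityHeadersMiddleware.js constrains browser pages, not other clients on the network. A comment next to the default would make that explicit: `// '' = no explicit host, so the server listens on all interfaces; pass --host 127.0.0.1 to keep it local`.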
@@ -26,7 +26,7 @@ import getDevToolsMiddleware from './getDevToolsMiddleware';
 type Options = {
 +watchFolders: $ReadOnlyArray,
- +host: string,
+ +host?: string,
 };
 type WebSocketProxy = {
@@ -46,7 +46,7 @@ export default class MiddlewareManager {
 this.options = options;
 this.app = connect()
- .use(getSecurityHeadersMiddleware(this.options))
+ .use(getSecurityHeadersMiddleware)
 .use(loadRawBodyMiddleware)
 .use(compression())
 .use('/debugger-ui', serveStatic(debuggerUIFolder))
diff --git a/packages/cli/src/server/runServer.js b/packages/cli/src/server/runServer.js
index b851c5741..adf6d2a57 100644
--- a/packages/cli/src/server/runServer.js
+++ b/packages/cli/src/server/runServer.js
@@ -24,7 +24,7 @@ export type Args = {|
 assetExts?: string[],
 cert?: string,
 customLogReporterPath?: string,
- host: string,
+ host?: string,
 https?: boolean,
 maxWorkers?: number,
 key?: string,