From 08489776ae2c84a75aa01d1069f47fc4f938f07e Mon Sep 17 00:00:00 2001 From: raihanou1 <93140829+raihanou1@users.noreply.github.com> Date: Fri, 23 Aug 2024 14:47:07 +0200 Subject: [PATCH] Security: listen to 127.0.0.1 (localhost) instead of 0.0.0.0 (public) (#861) To enhance the application's security, the default host configuration should be altered to 127.0.0.1. The current setting, 0.0.0.0, permits connections from any external IP address, thereby widening the attack surface. This could lead to several security vulnerabilities, such as: * Denial of Service (DoS) Attacks: Attackers can inundate the system with an overwhelming number of requests, leading to service interruptions for legitimate users by exhausting the system's resources. * Man-in-the-Middle (MitM) Attacks: The open access makes it feasible for attackers to intercept and manipulate communications between two parties covertly. By changing the default host to 127.0.0.1, we limit connections exclusively to the local machine. This adjustment drastically minimizes these security risks and reinforces the application's defenses against potential cyber threats. --- CHANGELOG.md | 4 +++- backend/chainlit/config.py | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b25c42d62..f9095758d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,8 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] -Nothing unreleased! +### Changed +- changing the default host from 0.0.0.0 to 127.0.0.1 + ## [1.1.403rc0] - 2024-08-13 ### Fixed diff --git a/backend/chainlit/config.py b/backend/chainlit/config.py index f43482b637..5159263f96 100644 --- a/backend/chainlit/config.py +++ b/backend/chainlit/config.py @@ -164,7 +164,7 @@ """ -DEFAULT_HOST = "0.0.0.0" +DEFAULT_HOST = "127.0.0.1" DEFAULT_PORT = 8000 DEFAULT_ROOT_PATH = ""
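Review bot: the new `### Changed` entry in the CHANGELOG.md hunk (`- changing the default host from 0.0.0.0 to 127.0.0.1`) does not warn readers that this can break existing deployments. Anything that relied on the old default to be reachable from outside the host, such as a container, a VM, or a reverse proxy on another machine, will now bind to loopback only and stop accepting those connections. Reword the entry so it says so and tells operators to set the host explicitly if they need the previous behaviour, for example `- Changed the default host from 0.0.0.0 to 127.0.0.1; deployments that must accept connections from other hosts or from outside a container now need to set the host explicitly.` This also brings the entry in line with the capitalised, past-tense style of the Keep a Changelog format that the file header above the hunk links to.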
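Review bot: `DEFAULT_HOST = "127.0.0.1"` in the backend/chainlit/config.py hunk binds the IPv4 loopback address only, not `localhost` as the subject line says, so a client that resolves `localhost` to `::1` will be refused; either document that the server listens on IPv4 loopback or also bind the IPv6 loopback if the server supports it. The security rationale in the commit message also claims more than this one constant delivers: moving the default to loopback narrows who can reach the port, which is the right default, but it does not protect the connections that still arrive against interception (that needs TLS and authentication at the application or the proxy in front of it) and it only reduces, not prevents, resource exhaustion from local clients. Since only the default changes, callers that pass a host explicitly are unaffected, while deployments that depended on the old default will silently become unreachable from outside their container; a one-line comment next to the constant saying why it is loopback and how to override it would save operators that debugging session.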
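The commit message's central claim, that 0.0.0.0 accepts connections arriving on any address while 127.0.0.1 accepts only local ones, can be checked directly rather than taken on faith. The following is an added example in Python (the project's language), not Chainlit's code and not part of the patch. It binds a throwaway TCP listener on each of the two defaults from the diff and probes it from two addresses. The second address, 127.0.0.2, is a constructed stand-in for "an address other than the one the server bound to": it works because Linux routes the whole 127.0.0.0/8 block to the loopback interface, so the probe runs offline without a second machine. On systems that do not alias 127.0.0.0/8 the second probe fails for an unrelated reason, and the `binds_all_interfaces` helper and its `WILDCARD_HOSTS` set are this example's own names, not anything in the config module.

```python
"""Probe how the bind address chosen for DEFAULT_HOST changes who can reach the port.

Added example; not Chainlit's code. Assumes Linux, where 127.0.0.0/8 is routed to
the loopback interface, so the constructed address 127.0.0.2 stands in for an
interface address other than 127.0.0.1 without needing a second machine.
"""
import socket

# The two values that appear in the patch: the old default and the new one.
OLD_DEFAULT_HOST = "0.0.0.0"
NEW_DEFAULT_HOST = "127.0.0.1"

# Constructed stand-in for a non-loopback interface address (relies on Linux 127/8 aliasing).
OTHER_ADDRESS = "127.0.0.2"

# Bind values that expose a listener on every interface (this example's own list).
WILDCARD_HOSTS = {"", "0.0.0.0", "::"}


def binds_all_interfaces(host: str) -> bool:
    """True if `host` is a wildcard bind that exposes the listener on every interface."""
    return host.strip() in WILDCARD_HOSTS


def probe_bind(bind_host: str, connect_host: str) -> bool:
    """Bind a TCP listener on bind_host (ephemeral port) and report whether a client
    connecting to connect_host reaches it.

    No accept() is needed: the kernel completes the handshake into the listen backlog,
    so connect() either succeeds or is refused purely on the basis of the bind address.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        server.bind((bind_host, 0))  # port 0: let the kernel pick a free port
        server.listen(1)
        port = server.getsockname()[1]
        try:
            client = socket.create_connection((connect_host, port), timeout=1.0)
        except OSError:  # ECONNREFUSED when no listening socket matches the destination
            return False
        client.close()
        return True
    finally:
        server.close()


def exposure_report(bind_host: str) -> dict:
    """Summarise who can reach a listener bound to bind_host."""
    return {
        "host": bind_host,
        "wildcard": binds_all_interfaces(bind_host),
        "reachable_via_loopback": probe_bind(bind_host, "127.0.0.1"),
        "reachable_via_other_address": probe_bind(bind_host, OTHER_ADDRESS),
    }


if __name__ == "__main__":
    for host in (OLD_DEFAULT_HOST, NEW_DEFAULT_HOST):
        print(exposure_report(host))
```

With the old default the listener answers on both addresses; with the new one only the 127.0.0.1 probe connects and the other is refused. On a real deployment the same fact is visible without any code: `ss -ltn` (or `netstat -ltn`) shows the local address each listening socket is bound to, and a `0.0.0.0:8000` entry means the old behaviour is still in effect.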