I was watching a (albeit old) security talk on insecure rails defaults. I was wondering if there is a way to tell if Rails now binds to ip 127.0.0.1, port 3000 by default? When I spin up rails s, I see
± |master {1} U:4 ✗| → rails s
=> Booting Puma
=> Rails 6.0.2.2 application starting in development
=> Run `rails server --help` for more startup options
/Users/pivotal/.rbenv/versions/2.7.0/lib/ruby/gems/2.7.0/gems/actionpack-6.0.2.2/lib/action_dispatch/middleware/stack.rb:37: warning: Using the last argument as keyword parameters is deprecated; maybe ** should be added to the call
/Users/pivotal/.rbenv/versions/2.7.0/lib/ruby/gems/2.7.0/gems/actionpack-6.0.2.2/lib/action_dispatch/middleware/static.rb:110: warning: The called method `initialize' is defined here
Puma starting in single mode...
* Version 4.3.3 (ruby 2.7.0-p0), codename: Mysterious Traveller
* Min threads: 5, max threads: 5
* Environment: development
* Listening on tcp://**127.0.0.1**:3000
* Listening on tcp://[::1]:3000
Use Ctrl-C to stop
As per this pretty old Stack overflow post, I tried adding the following to my boot.rb and got an error about my Spring versions.
Boot.rb require 'rails/commands/server'
module Rails
class Server
def default_options
super.merge({Port: 10524, Host: '127.0.0.1'})
end
end
end
± |master {1} U:4 ✗| → rails s
You've tried to invoke Spring when it's already loaded (i.e. the Spring constant is defined).
This is probably because you generated binstubs with Spring 1.0, and you now have a Spring version > 1.0 on your system. To solve this, upgrade your bundle to the latest Spring version and then run `bundle exec spring binstub --all` to regenerate your binstubs. This is a one-time step necessary to upgrade from 1.0 to 1.1.
I do those steps, but still an error.
