Headlamp-server process is exposed to network in app mode #2852

sniok · 2025-02-05T17:10:26Z

headlamp-server process that is started when you launch headlamp as a desktop app is accessible to network because it listens to "*:4466"

With in-cluster mode it's expected but in app mode it should only listen to local connection from the electron (loopback 127.0.0.1)

To Reproduce

Steps to reproduce the bug:

I think to fix this issue, we need to be able to tell headlamp-server that it runs in app mode and then based on that it will listen on 127.0.0.1

adwait-godbole · 2025-02-09T07:50:01Z

working on this!

sniok added app backend Issues related to the backend bug Something isn't working security labels Feb 5, 2025

github-project-automation bot added this to Release Plan / Roadmap Feb 5, 2025

github-project-automation bot moved this to Queued in Release Plan / Roadmap Feb 5, 2025

dosubot bot added the desktop Issues related to the desktop label Feb 5, 2025

adwait-godbole linked a pull request Feb 9, 2025 that will close this issue

backend: Add app mode flag to fix network exposure #2876

Open

joaquimrocha added this to the v0.29.0 milestone Feb 18, 2025

joaquimrocha moved this from Queued to In Progress in Release Plan / Roadmap Feb 18, 2025