I can see your local web servers

(http.jameshfisher.com)
652 points jamesfisher | 1 comments
suyash ◴[] No.20028417[source]
Can anyone share what measures we can take as web developers to secure local development environment?
replies(3): >>20028730 #>>20028771 #>>20029113 #
deno ◴[] No.20028771[source]
Custom DNS server with DNS rebind protection. E.g. if you’re running OpenWRT you’re fine[1].

Also just don’t test on localhost. You can use a proper domain (or claim one in .test TLD[2] if you’re fine with self-signed certs) and point it to localhost.

If you’re going to use any redirect flow like OAuth/OpenID you’re going to need this for testing eventually anyway.

[1] https://openwrt.org/docs/guide-user/base-system/dhcp

[2] https://en.wikipedia.org/wiki/.test

replies(2): >>20029429 #>>20034016 #
1. JeremyNT ◴[] No.20034016[source]
> Custom DNS server with DNS rebind protection. E.g. if you’re running OpenWRT you’re fine[1].

One (very) easy way to achieve this is to use dnsmasq as a local caching server and pass it the option --stop-dns-rebind
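
A simplified model of the check a rebind-protecting resolver applies to upstream answers, as an added example (not code from this thread or from dnsmasq). The function names, the allowlist parameter and the sample names and addresses are constructed; the allowlist and `localhost_ok` loosely mirror dnsmasq's `--rebind-domain-ok` and `--rebind-localhost-ok`.

```python
import ipaddress

def is_internal(addr, localhost_ok=False):
    """True if addr is one a rebind filter should refuse from an upstream answer."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as the IPv4 address.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    if ip.is_loopback:
        return not localhost_ok
    # Assumption: Python's is_private stands in for the resolver's private ranges;
    # it is broader than RFC 1918 (it also covers reserved/documentation ranges).
    return ip.is_private or ip.is_link_local or ip.is_unspecified

def filter_answer(qname, addresses, allowed_domains=(), localhost_ok=False):
    """Split an upstream answer into (kept, rejected) address lists."""
    name = qname.rstrip(".").lower()
    # Allowlisted domains (and their subdomains) may legitimately map to internal hosts.
    if any(name == d or name.endswith("." + d) for d in allowed_domains):
        return list(addresses), []
    kept, rejected = [], []
    for addr in addresses:
        (rejected if is_internal(addr, localhost_ok) else kept).append(addr)
    return kept, rejected

# Constructed sample answers: a public first answer, two rebinding answers,
# and a development name that is deliberately pointed at localhost.
SAMPLES = [
    ("attacker.example", ["8.8.8.8"]),
    ("attacker.example", ["127.0.0.1"]),
    ("attacker.example", ["::ffff:192.168.1.10"]),
    ("myapp.test", ["127.0.0.1"]),
]

def run_samples():
    return [filter_answer(q, a, allowed_domains=("myapp.test",)) for q, a in SAMPLES]

if __name__ == "__main__":
    for (q, a), (kept, rejected) in zip(SAMPLES, run_samples()):
        print(f"{q:18} kept={kept} rejected={rejected}")
```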