mirror of
https://github.com/kopia/kopia.git
synced 2026-05-17 11:14:44 -04:00
c26c6a1b97
* feat(cli): restrict insecure unauthenticated server to loopback binds Reject starting the server with --insecure and --without-password when --address would bind outside loopback (including empty host / all interfaces). Validate the actual listener after Listen so systemd socket activation cannot bypass the check. Add hidden --allow-extremely-dangerous-unauthenticated-server-on-the-network to opt into the previous behavior for isolated environments. Extract validation into internal/insecureserverbind with table-driven tests. Add end-to-end smoke tests for rejection and escape hatch. Co-authored-by: Cursor <cursoragent@cursor.com> * Update internal/insecureserverbind/insecureserverbind.go Co-authored-by: Julio López <1953782+julio-lopez@users.noreply.github.com> * pr feedback --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Julio López <1953782+julio-lopez@users.noreply.github.com>