by mikegirouard 3569 days ago
I'm sure it's been considered already, but I'm immediately concerned about the security implications of running a node server when debugging. Perhaps that is only the case when debugging in a stand-alone setup?

Think if you RDP to Firefox or Chrome and forget that the server is running. Does that mean that if I browse to http://your.machine:8000 that I can control your browser?

2 comments

This is only for development of the debugger itself and shouldn't be used for a production release. Within Firefox there is no node process; it is run purely as a web application.

That makes sense. I figured that there were most likely two different run modes (in browser vs stand-alone). Thanks for clarifying.

Ouch.. yeah. If there is the slightest degree of sanity in the world, that server is bound to 127.0.0.1 and not the external interface (with appropriate hoops to jump through if you want to change it).

It is bound to all interfaces as of the current commit: https://github.com/devtools-html/debugger.html/blob/7c002fdc... Generally the sanest default for that value is 127.0.0.1 and changeable via a CLI option.

I believe it's done this way to facilitate remote debugging on mobile devices or node servers.
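
The loopback-by-default pattern discussed in the comments above, as an added example that is not part of the thread and is not the debugger.html project's code. The `--host` and `--allow-remote` flags and the function names are hypothetical; port 8000 is taken from the URL in the original post.

```javascript
const http = require('http');

const LOOPBACK = '127.0.0.1';

function isLoopback(host) {
  return host === LOOPBACK || host === '::1' || host === 'localhost';
}

// Decide the bind address from CLI arguments (hypothetical flags:
// --host <addr>, --allow-remote). Loopback unless asked otherwise.
function resolveBindHost(argv) {
  const i = argv.indexOf('--host');
  if (i === -1) return LOOPBACK;
  const host = argv[i + 1];
  if (host === undefined || host.startsWith('--')) {
    throw new Error('--host requires an address');
  }
  // The "hoop": any non-loopback bind needs a second, explicit flag,
  // so remote debugging stays possible but is never accidental.
  if (!isLoopback(host) && !argv.includes('--allow-remote')) {
    throw new Error(`refusing to bind ${host} without --allow-remote`);
  }
  return host;
}

function startDevServer(argv, port = 8000) {
  const host = resolveBindHost(argv);
  const server = http.createServer((req, res) => {
    res.end('dev server\n');
  });
  // Passing host explicitly matters: listen(port) with no host
  // accepts connections on all interfaces.
  server.listen(port, host, () => {
    const note = isLoopback(host) ? '' : ' (reachable from the network)';
    console.log(`listening on ${host}:${port}${note}`);
  });
  return server;
}

// Usage: startDevServer(process.argv.slice(2));
```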