vercel dev appears to accept HTTP and WebSocket requests without validating Host or Origin against the local listen address.
We have disabled vercel dev & web access being on at the same time @ our developer tooling until this is addressed.
see https://github.com/vercel/vercel/blob/main/packages/cli/src/util/dev/server.ts
vercel dev appears to accept HTTP and WebSocket requests without validating Host or Origin against the local listen address.
We have disabled vercel dev & web access being on at the same time @ our developer tooling until this is addressed.
see https://github.com/vercel/vercel/blob/main/packages/cli/src/util/dev/server.ts