You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: internal/documentation/docs/pages/Server.md
+14-1Lines changed: 14 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,6 +10,19 @@ import VPButton from "vitepress/dist/client/theme-default/components/VPButton.vu
10
10
<VPButtonclass="no-decoration"text="📚 API Reference"href="https://ui5.github.io/cli/v5/api/module-@ui5_server.html"/>
11
11
</div>
12
12
13
+
::: warning Development Use Only
14
+
The UI5 Server is intended for **local development purposes only**. It must not be exposed to untrusted parties or used as a public-facing web server.
15
+
16
+
The server does **not** implement safeguards against various network-based attacks — this is by design, as it is not meant to serve production traffic.
17
+
18
+
Please be aware of the following risks when using the server:
19
+
20
+
-**Custom middleware** from third parties can execute arbitrary code on your system and may introduce additional security vulnerabilities when the server is exposed to a network.
21
+
-**Proxy middleware** configured with credentials may enable unauthorized access to the target system for other parties on the same network.
22
+
- Using `--accept-remote-connections` makes the server reachable from all hosts on your network, which significantly increases the attack surface.
23
+
24
+
:::
25
+
13
26
## Standard Middleware
14
27
15
28
All available standard middleware are listed below in the order of their execution.
@@ -88,4 +101,4 @@ If Chrome unintentionally redirects an HTTP-URL to HTTPS, you need to delete the
0 commit comments