From 0e1d77c912e8864b0129aa4a188e7159883c9e83 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 6 Mar 2026 17:17:47 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20[security=20fix]=20Restrict=20Gr?=
 =?UTF-8?q?adio=20and=20FastAPI=20to=20localhost=20by=20default?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit addresses a security vulnerability where the Gradio and FastAPI interfaces were exposed to all network interfaces (0.0.0.0).

Changes:
- Modified `app.py` to bind Gradio to `127.0.0.1` by default.
- Added support for `GRADIO_SERVER_NAME` environment variable to allow configuration in environments like Docker.
- Updated `backend/app/config.py` to set the default backend host to `127.0.0.1`.
- Updated `backend/.env.example` to reflect the new secure default.

This ensures the application is secure by default while remaining configurable for containerized deployments.

Co-authored-by: SarmaHighOnCode <218538054+SarmaHighOnCode@users.noreply.github.com>
---
 app.py                | 3 ++-
 backend/.env.example  | 2 +-
 backend/app/config.py | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app.py b/app.py
index 05865ba..34a87e4 100644
--- a/app.py
+++ b/app.py
@@ -10,6 +10,7 @@
 """
 
 import io
+import os
 from pathlib import Path
 
 import gradio as gr
@@ -475,7 +476,7 @@ def create_interface():
     print("Starting Gradio interface...")
     demo = create_interface()
     demo.launch(
-        server_name="0.0.0.0",
+        server_name=os.getenv("GRADIO_SERVER_NAME", "127.0.0.1"),
         server_port=7860,
         share=False,
     )
diff --git a/backend/.env.example b/backend/.env.example
index d4fc3ac..a7f026c 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -10,7 +10,7 @@ DEBUG=true
 LOG_LEVEL=info
 
 # --- Server ---
-HOST=0.0.0.0
+HOST=127.0.0.1
 PORT=8000
 
 # --- Redis (Celery Broker) ---
diff --git a/backend/app/config.py b/backend/app/config.py
index 6d2877e..3ef9e36 100644
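Review bot: An empty `GRADIO_SERVER_NAME` (for example `GRADIO_SERVER_NAME=` left in a compose or `.env` file) is passed through as `server_name=""` instead of falling back to loopback, because `os.getenv` only substitutes its default when the variable is unset; `server_name=os.getenv("GRADIO_SERVER_NAME") or "127.0.0.1",` keeps the secure default in both cases. Gradio's `launch()` documents consulting `GRADIO_SERVER_NAME` itself when `server_name` is None, so the explicit lookup is redundant, but it does make the loopback default visible at the call site and is worth keeping. `server_port=7860` on the next line stays hard-coded while the host became configurable; reading Gradio's own `GRADIO_SERVER_PORT` the same way would keep the two settings consistent. A short comment above the call, `# Loopback by default; set GRADIO_SERVER_NAME=0.0.0.0 only when a reverse proxy or the container network fronts the UI`, would record the intent the commit message describes where it will actually be read. The enclosing block (presumably the `if __name__` guard) starts before the hunk.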
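Review bot: The new `HOST=127.0.0.1` line in the template carries no hint about the Docker case the commit message explicitly calls out, so anyone copying `backend/.env.example` into a container gets a backend that is unreachable from outside it with no indication why. A comment above the line, `# Bind address. Keep 127.0.0.1 unless the API must be reachable from outside this host/container (e.g. HOST=0.0.0.0 inside Docker, behind a reverse proxy)`, documents both the default and the one situation in which widening it is expected.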
--- a/backend/app/config.py
+++ b/backend/app/config.py
@@ -19,7 +19,7 @@ class Settings(BaseSettings):
     log_level: str = "info"
 
     # Server
-    host: str = "0.0.0.0"
+    host: str = "127.0.0.1"
     port: int = 8000
 
     # Redis
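Review bot: The new default for `host` has no comment explaining why it is loopback or how it is meant to be widened, and the `Settings` class it belongs to starts before the hunk; a trailing comment, `host: str = "127.0.0.1"  # bind address; set HOST=0.0.0.0 only when the API must be reachable from outside the host/container`, records the intent from the commit message at the point where it will be read. Presumably `BaseSettings` maps this field to the `HOST` environment variable that `backend/.env.example` documents — worth confirming that no `env_prefix` or alias is configured elsewhere in the class, otherwise the example file and the override path no longer match. Note also that `127.0.0.1` is IPv4-only: a client that resolves `localhost` to `::1` first will be refused, so a local reverse proxy or the Gradio frontend should target `127.0.0.1` explicitly rather than `localhost`.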