@@ -1678,26 +1678,6 @@ When enabled, the parser will accept the following:
16781678All the above will expose your application to request smuggling
16791679or poisoning attack. Avoid using this option.
16801680
1681- <!-- Anchor to make sure old links find a target -->
1682-
1683- <a id =" inspector_security " ></a >
1684-
1685- #### Warning: binding inspector to a public IP: port combination is insecure
1686-
1687- Binding the inspector to a public IP (including ` 0.0.0.0 ` ) with an open port is
1688- insecure, as it allows external hosts to connect to the inspector and perform
1689- a [ remote code execution] [ ] attack.
1690-
1691- If specifying a host, make sure that either:
1692-
1693- * The host is not accessible from public networks.
1694- * A firewall disallows unwanted connections on the port.
1695-
1696- ** More specifically, ` --inspect=0.0.0.0 ` is insecure if the port (` 9229 ` by
1697- default) is not firewall-protected.**
1698-
1699- See the [ debugging security implications] [ ] section for more information.
1700-
17011681### ` --inspect-brk[=[host:]port] `
17021682
17031683<!-- YAML
@@ -1710,6 +1690,9 @@ a random available port will be used.
17101690
17111691See [ V8 Inspector integration for Node.js] [ ] for further explanation on Node.js debugger.
17121692
1693+ See the [ security warning] [ ] below regarding the ` host `
1694+ parameter usage.
1695+
17131696### ` --inspect-port=[host:]port `
17141697
17151698<!-- YAML
@@ -1747,6 +1730,9 @@ a random available port will be used.
17471730
17481731See [ V8 Inspector integration for Node.js] [ ] for further explanation on Node.js debugger.
17491732
1733+ See the [ security warning] [ ] below regarding the ` host `
1734+ parameter usage.
1735+
17501736### ` --inspect[=[host:]port] `
17511737
17521738<!-- YAML
@@ -1761,6 +1747,26 @@ and profile Node.js instances. The tools attach to Node.js instances via a
17611747tcp port and communicate using the [ Chrome DevTools Protocol] [ ] .
17621748See [ V8 Inspector integration for Node.js] [ ] for further explanation on Node.js debugger.
17631749
1750+ <!-- Anchor to make sure old links find a target -->
1751+
1752+ <a id =" inspector_security " ></a >
1753+
1754+ #### Warning: binding inspector to a public IP: port combination is insecure
1755+
1756+ Binding the inspector to a public IP (including ` 0.0.0.0 ` ) with an open port is
1757+ insecure, as it allows external hosts to connect to the inspector and perform
1758+ a [ remote code execution] [ ] attack.
1759+
1760+ If specifying a host, make sure that either:
1761+
1762+ * The host is not accessible from public networks.
1763+ * A firewall disallows unwanted connections on the port.
1764+
1765+ ** More specifically, ` --inspect=0.0.0.0 ` is insecure if the port (` 9229 ` by
1766+ default) is not firewall-protected.**
1767+
1768+ See the [ debugging security implications] [ ] section for more information.
1769+
17641770### ` -i ` , ` --interactive `
17651771
17661772<!-- YAML
0 commit comments