From 102b7385990e4cbccaf16759f29bd059a677c650 Mon Sep 17 00:00:00 2001
From: applesnort <joelrobertmangin@gmail.com>
Date: Thu, 25 Jun 2026 11:56:44 -0400
Subject: [PATCH] fix(dev): bind to all interfaces for Docker

On macOS, Docker containers reach the host via host.docker.internal
which maps to 192.168.65.254, not loopback. Default bindAddr of
['authn.localhost'] only listens on 127.0.0.1, causing connection
refused from cloudflared's mediator-tunnel container.

Note: 0.0.0.0 also exposes the mediator on all LAN interfaces.
Acceptable for local dev; avoid on shared/corporate networks.
---
 configs/dev.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/configs/dev.js b/configs/dev.js
index 7f2c72c1..c191b456 100644
--- a/configs/dev.js
+++ b/configs/dev.js
@@ -16,3 +16,9 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url));
 // common paths
 config.paths.cache = path.join(__dirname, '..', '.cache');
 config.paths.log = path.join(os.tmpdir(), 'authn.localhost');
+
+// bind to all interfaces so Docker containers can reach the host via
+// host.docker.internal (which maps to 192.168.65.254, not loopback).
+// note: this also exposes the mediator on all LAN interfaces, not just
+// Docker's bridge — acceptable for local dev, avoid on shared networks.
+config.server.bindAddr = ['0.0.0.0'];