Created by: gaearon
The newly added host check (https://github.com/webpack/webpack-dev-server/issues/887, explanation) is significantly disruptive to people’s workflows (https://github.com/facebookincubator/create-react-app/issues/2271, https://github.com/facebookincubator/create-react-app/issues/2233), especially in legit use cases like cloud editors (https://github.com/facebookincubator/create-react-app/issues/2271#issuecomment-302872631).
I think only enabling the host check for proxy users is a reasonable compromise because unlike WDS, we only serve files in public folder by default which the user has consented to... being public. Of course, with proxy enabled this is still dangerous, so we enable the host check in this case.
For people who use proxy with a non-localhost development server, we recommend specifying the HOST in .env.development file. It gets passed as the public option to WDS. This solves the problem nicely for most remaining cases.
Finally, this adds a way to completely opt out of the host checks by adding DANGEROUSLY_DISABLE_HOST_CHECK=true to .env.development.local in case you are not worried about attacks (which could be the case if you’re using a cloud editor and don’t have sensitive data) and just can’t get it to work otherwise.