What does DANGEROUSLY_DISABLE_HOST_CHECK do?

In step 5 of the Getting Started guide I’m asked to add DANGEROUSLY_DISABLE_HOST_CHECK=true to .env

What does this do?

As a comment, for a flag with such an alarming name, we should explain this in the guide

Thanks for reporting, I fully agree that we need to clarify this or ideally switch to setting HOST which is not dangerous.

Now let me go into what the option does: yarn start will start a local proxy for development. This allows us to pretend the JSON API and the UI code are running on the same host and port which is important since browsers block cross-origin requests. This proxy checks the Host header for security reasons. This is the right thing to do for local development and works just fine there. However, in the case of Katacoda your Host header will point to some Katacoda host and not localhost so the check fails. As mentioned above, there is an option to configure the Host that the proxy expects so hopefully we can switch to that instead of disabling the check completely.

I’ve briefly played around with the HOST option but couldn’t get it to work. Afaict the issue is that katacoda has another proxy internally so we cannot make yarn start listen on the host that your browser will send in the header. So for now, adding an explanation is probably the best option.

I think that even explaining something like:

Note: this flag is only needed for the WebIDE tutorial and will not be used in local development. For more information see this question on the DAML discussion forum

will prevent eyebrow raising and serve a secondary purpose of clarifying where we have discussions (once this forum goes public)

Was this env variable removed? I can’t seem to find it in the docs now.

This is only required on katacoda and as far as I know it’s still in the instructions there.

Ahh okay this must have been changed, it’s no longer there.

It’s still there, just looks likes it is handled automatically for you now, e.g., daml-katacoda/4_start_ledger.sh at 3f49f1e8c5ed3fe30bbff29dd64875c011e38ee4 · digital-asset/daml-katacoda · GitHub.