Clipper API listens only localhost, requesting to include local addresses

Joplin’s Clipper API is great to extend apps functionality but it only works if you are on the same machine since its only listening to localhost:41184 instead of 0.0.0.0:41184 like most apps do. I wanted to export booknotes from my e-reader but due to this limitation it’s not possible.
It works with tcp tunnelling but that is just a workaround.

    State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port    
    LISTEN    0         5                  0.0.0.0:8000             0.0.0.0:*       
    LISTEN    0         128              127.0.0.1:41184            0.0.0.0:*       
    LISTEN    0         5                  0.0.0.0:41185            0.0.0.0:*       

ss -tl on my computer, first one is Python http server, second is Joplin

My proposition is making it listen on all IP’s. Implementation shouldn’t be too hard, while I’m not familiar with Javascript, its only changing numbers in Python. From security standpoint maybe it’s not good but auth token is there for a reason.

see also https://github.com/koreader/koreader/issues/5086

The auth token is meant to prevent rogue browser extensions from stealing or deleting user data, however it’s not secure enough to expose the server to internet.

If you don’t explicitly set your router to port forwarding it’s not internet, just private network.

I’m guessing from this topic / web clipper arthitecture, it isn’t possible to making it optional or reading from a file?

You can change the port on the cli app but not the ip it’s listening on. I’d accept a pr which adds an argument to set the ip on cli app.

This can easily be achieved using an ssh tunnel, as long as you have an SSH server somewhere on your network.

For example, on my Windows 10 machine I ran this from a WSL window (Ubuntu)

ssh -NR 192.168.179.2:51234:localhost:41184 user@192.168.179.2

This means that I am forwarding my local listening port 41184 to another machine, in this case 192.168.179.2, so that the remote machine now listens on port 51234.

I can now use the remote server to access all my notes.

For example,

curl http : // 192.168.179.2:51234 / ping
(I had to include spaces in this URL otherwise it seems the forum won't allow me to post this message)

Of course, if I had an SSH daemon running on my Windows computer, I could also achieve the above with a local tunnel, using -L instead of -R.

(By the way, I've just started using Joplin. I'm very impressed by the software and happy to be here . As from today, I'll be saying goodbye to Evernote, which has become ridiculously bloated and is broken on Android. While I'm writing this I'm importing all my old notes.)