Description
start.sh:21 uses Flask's built-in development server for production:
exec flask --app api/index.py run --host "${HOST:-0.0.0.0}" --port "${PORT:-5000}" ${FLASK_DEBUG:+--debug}
Flask's dev server is single-threaded, not hardened for production, and has known security warnings.
Suggested Fix
Use Gunicorn (or another production WSGI server):
exec gunicorn -w 4 -b "${HOST:-0.0.0.0}:${PORT:-5000}" 'api.index:app'
Context
Found during code review of PR #522.
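
An added example, not the project's start.sh: one way for the launcher to default to Gunicorn and refuse to start when the debug flag is set outside development. `APP_ENV`, `WEB_CONCURRENCY`, the `run` argument and the `server_cmd` function are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example (not the project's start.sh). APP_ENV, WEB_CONCURRENCY and
# the "run" argument are assumptions made for this sketch.

# Print the server command line, or return non-zero on unsafe configuration.
server_cmd() {
    host="${HOST:-0.0.0.0}"
    port="${PORT:-5000}"
    workers="${WEB_CONCURRENCY:-4}"

    # Reject anything that could split or glob once it reaches a command line.
    case "$host" in ''|*[!0-9A-Za-z.:_-]*) echo "invalid HOST" >&2; return 2 ;; esac
    case "$port" in ''|*[!0-9]*) echo "invalid PORT" >&2; return 2 ;; esac
    case "$workers" in ''|*[!0-9]*) echo "invalid WEB_CONCURRENCY" >&2; return 2 ;; esac

    if [ "${APP_ENV:-production}" = "development" ]; then
        # Local development only: Flask dev server, debugger optional.
        echo "flask --app api/index.py run --host $host --port $port${FLASK_DEBUG:+ --debug}"
        return 0
    fi

    # Production: any non-empty FLASK_DEBUG would have added --debug in the
    # original line, so treat it as a misconfiguration and stop.
    if [ -n "${FLASK_DEBUG:-}" ]; then
        echo "FLASK_DEBUG is set outside development; refusing to start" >&2
        return 3
    fi
    echo "gunicorn -w $workers -b $host:$port api.index:app"
}

# Start the server only when invoked as: start.sh run
if [ "${1:-}" = "run" ]; then
    cmd=$(server_cmd) || exit $?
    # Unquoted on purpose: host, port and workers were validated above,
    # so the string contains no unexpected whitespace or glob characters.
    exec $cmd
fi
```
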