`Do you want the application "main" to accept incoming network connections?` pop up while running Go applications

macos network firewall

Every time I am running Go applications on MacOs with this command:

go run main.go

I get this pop up message: 

Do you want the application "main" to accept incoming network connections?

I added Go and all main executable files to Firewall Exceptions but I am still getting this pop ups. I am running out of ideas. Please can anyone help me to get rid of those pop ups? At this point I have no idea if the problem is related to Golang or MacOs.


Solution 1:

This is normal behaviour.

Each time you run go run main.go a new executable file is being created. This executable file is unique and unrecognised by macOS's security checks. Thus macOS asks, every time, for you to confirm if the new executable can have network access.

Build and Sign

To avoid the warning, you need to build the executable file once and codesign it. You can build the executable file using the command:

go build -o mycmd main.go

The resulting executable called mycmd can be run using:

./mycmd

To ad-hoc codesign this executable use:

codesign -s - mycmd

This will cause macOS to trust this build of mycmd on your Mac. The first time it is run, you will be asked for network access. Subsequent runs will not require network checks.

Solution 2:

You can avoid this pop-up when running local tests if you specify the host portion of the address that will be listened to to be "localhost" or "127.0.0.1". Many programs let you set the address through the command line or an environment variable and many of those programs will default to passing no host to the listen command. With no host specified, Go will listen on 0.0.0.0 and macOS will want to warn you about that. When Go opens ports on the localhost, macOS doesn't warn - at least not in my cases.

For example, instead of:

r := gin.Default()
r.Run()

you can write:

r := gin.Default()
r.Run("localhost:8080")

Solution 3:

Thanks to the answer by @WeakPointer above, I figured all we need to do in our code is to replace:

http.ListenAndServe(":8080", nil)

by:

http.ListenAndServe("localhost:8080", nil)

or if using a library like gin-gonic, replace:

r.Run()

by:

r.Run("localhost:8080")

Related

Windows 10 installation using Boot Camp crashes in iMac with 'system thread exception not handled (igdkmd64.sys)'
Why are Safari Extension toolbar icons blue?
How do I copy to the OSX clipboard from a remote shell using iTerm2?
What is `.file` in root boot volume for? [duplicate]
Firefox does not accept ⌃⌘Space keyboard shortcut for Emoji & Symbols
Apple Mail with Gmail Account (IMAP): Moving Mails from inbox to folders fails
Hide actual serial number from application
Replacement for Apple Music on macOS?
Can I collect fallen arrows that the skeletons shoot at blocks?
Change existing world to superflat (server)
Make a certain block unplaceable?
Is there any way to get the social events to happen more often?