For portability I work with a lot of software that hosts content on localhost, usually as HTTP/websocket servers.
My computer is connected to a LAN, so others can connect to it.
My question is, how can I be sure that my content is not public for all to see, but only local programs can access it?
I tried to do a bit of research but I am still confused. It seems hosting on 127.0.0.1 instead of 0.0.0.0 should be sufficient, or that it is possible to decide what hosts are allowed to connect when you open the socket, or that you need a full-fledged firewall (and then asking yourself what ports you want to block and deal with a lot of platform-dependent complexity), and I am not even sure where the Windows public/private network distinction stands on the issue. So I am amazed that I could not find a simple answer to such a simple question.
I am asking both for Windows and Linux hosts.
The software I am asking about consists mostly of "headless GUIs": python.http server, bokeh serve, Jupyter notebooks, Pluto.jl, node js express, etc...
And I would like to have the absolute certainty a local network peer cannot access my content even if they spoof their IP or something like that.