This is logged at critical level by supervisord because it is assumed as a critical security concern when running supervisord without authentication checks. This is safe to ignore as long as we do not allow HTTP access outside the container; it is configured to only listen to localhost, so it’s reasonable to run without HTTP authentication checks