Thing is, if you can establish an SSH connection to the target machine, you can easily tunnel HTTP over that. And it doesn't need to have a dedicated web server service for that; the app can embed a localhost-only HTTP server directly.
One could argue that this is extra complexity... but I don't think this argument flies in comparison to "React for CLI", especially once you take into account all the dependencies.
It's largely pointless to forbid it because once you have a byte stream (which you obviously do with ssh), you can tunnel whatever you want over it anyway. SSH own docs even point this out; man sshd_config(5):
"Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders."
One could argue that this is extra complexity... but I don't think this argument flies in comparison to "React for CLI", especially once you take into account all the dependencies.