MagicMirror/js at 58c2a5e675a7d367b64d72e1d35680d202ff5c9f - MagicMirror - Gitea

kenmirrors/MagicMirror

mirror of https://github.com/MichMich/MagicMirror.git synced 2026-06-03 09:51:14 +00:00

Files

History

Kristjan ESPERANTO 58c2a5e675 fix(server): enforce ipWhitelist for Socket.IO too (#4169 )

ipWhitelist was only applied to HTTP routes, so Socket.IO module
namespaces could still be reached from disallowed clients.

This adds the same whitelist check to Socket.IO handshakes
(allowRequest), and reuses the same client IP resolution for both HTTP
and Socket.IO (forwarded IP is only trusted for loopback peers).

Also adds tests for handshake allow/deny and forwarded-header behavior.

Fixes: GHSA-w26r-fwg8-rcp3

2026-06-01 10:26:16 -05:00

..

alias-resolver.js

chore: update ESLint and plugins, simplify config, apply new rules (#4052 )

2026-03-07 08:34:28 -07:00

animateCSS.js

refactor: enable ESLint rule "no-unused-vars" and handle related issues (#4080 )

2026-04-02 08:56:27 +02:00

app.js

systeminformation thread not ending: move error handling from utils to app (#4160 )

2026-05-20 00:03:15 +02:00

check_config.js

change loading config.js, allow variables in config.js and try to protect sensitive data (#4029 )

2026-02-06 00:21:35 +01:00

defaults.js

add option to disable or restrict cors endpoint (#4087 )

2026-04-04 11:55:13 +02:00

deprecated.js

remove kioskmode (#4027 )

2026-02-06 00:09:59 +01:00

electron_helper.js

feat(electron): support object-based electronSwitches (#4161 )

2026-05-20 15:30:23 -05:00

electron.js

feat(electron): support object-based electronSwitches (#4161 )

2026-05-20 15:30:23 -05:00

http_fetcher.js

polish HTTP 304 docs/test/handling (#4129 )

2026-05-01 00:02:01 +02:00

ip_access_control.js

fix(server): enforce ipWhitelist for Socket.IO too (#4169 )

2026-06-01 10:26:16 -05:00

loader.js

refactor: use ES module imports in browser core (#4158 )

2026-05-18 19:58:44 +02:00

logger.js

refactor: enable ESLint rule "no-unused-vars" and handle related issues (#4080 )

2026-04-02 08:56:27 +02:00

main.js

refactor: use ES module imports in browser core (#4158 )

2026-05-18 19:58:44 +02:00

module.js

refactor: use ES module imports in browser core (#4158 )

2026-05-18 19:58:44 +02:00

node_helper.js

refactor: rewrite NodeHelper as an ES6 class (#4147 )

2026-05-08 19:45:47 +02:00

releasenotes.js

[core] auto create release notes with every push on develop (#3985 )

2025-12-10 11:56:31 -06:00

server_functions.js

fix replaceSecretPlaceholder (#4104 )

2026-04-12 00:46:10 +02:00

server.js

fix(server): enforce ipWhitelist for Socket.IO too (#4169 )

2026-06-01 10:26:16 -05:00

socketclient.js

refactor: use ES module imports in browser core (#4158 )

2026-05-18 19:58:44 +02:00

systeminformation.js

feat(systeminfo): include Git hash and branch in system information log (#4167 )

2026-05-27 23:25:49 +02:00

translator.js

refactor: enable ESLint rule "no-unused-vars" and handle related issues (#4080 )

2026-04-02 08:56:27 +02:00

utils.js

systeminformation thread not ending: move error handling from utils to app (#4160 )

2026-05-20 00:03:15 +02:00

vendor.js

simplify install and maintaining dependencies (#3795 )

2025-06-01 17:03:11 +02:00