mirror of
https://github.com/MichMich/MagicMirror.git
synced 2026-05-08 21:58:33 +00:00
fb41d24ef5
## Release Notes Thanks to: @cgillinger, @khassel, @KristjanESPERANTO, @sonnyb9 > ⚠️ This release needs nodejs version >=22.21.1 <23 || >=24 (no change to previous release) [Compare to previous Release v2.35.0](https://github.com/MagicMirrorOrg/MagicMirror/compare/v2.35.0...v2.36.0) This release falls outside the quarterly schedule. We opted for an early release due to: - Security fix for the internal cors proxy - API change of the weather provider smi - Several bug fixes ### Breaking Changes The cors proxy is now disabled by default. If required, it must be explicitly enabled in the `config.js` file. See the [documentation](https://docs.magicmirror.builders/configuration/cors.html). ### ⚠️ Security You can find several publicly accessible MagicMirror² instances. This should never be done. Doing so makes your entire configuration, including secrets and API keys, publicly visible. Furthermore, it allows attackers to target the host; this is only prevented beginning with this release. Public MagicMirror² instances should always run behind a reverse proxy with authentication. ### [core] - Prepare Release 2.36.0 (#4126) - Allow HTTPFetcher to pass through 304 responses (#4120) - fix(http-fetcher): fall back to reloadInterval after retries exhausted (#4113) - config endpoint must handle functions in module configs (#4106) - fix replaceSecretPlaceholder (#4104) - restrict replaceSecretPlaceholder to cors with allowWhitelist (#4102) - fix: prevent crash when config is undefined in socket handler (#4096) - fix cors function for alpine linux (#4091) - fix(cors): prevent SSRF via DNS rebinding (#4090) - add option to disable or restrict cors endpoint (#4087) - fix: prevent SSRF via /cors endpoint by blocking private/reserved IPs (#4084) - chore: add permissions section to enforce pull-request rules workflow (#4079) - update version for develop ### [dependencies] - update dependencies (#4124) - chore: update dependencies (#4088) - refactor: enable ESLint rule "no-unused-vars" and handle related issues (#4080) ### [modules/newsfeed] - fix(newsfeed): prevent duplicate parse error callback when using pipeline (#4083) ### [modules/updatenotification] - fix(updatenotification): harden git command execution + simplify checkUpdates (#4115) - fix(tests): correct import path for git_helper module in updatenotification tests (#4078) ### [modules/weather] - fix(weather): use nearest openmeteo hourly data (#4123) - fix(weather): avoid loading state after reconnect (#4121) - weather: fix UV index display and add WeatherFlow precipitation (#4108) - fix(weather): restore OpenWeatherMap v2.5 support (#4101) - fix(weather): use stable instanceId to prevent duplicate fetchers (#4092) - SMHI: migrate to SNOW1gv1 API (replace deprecated PMP3gv2) (#4082) ### [testing] - ci(actions): set explicit token permissions (#4114) - fix(http_fetcher): use undici.fetch when dispatcher is present (#4097) - ci(codeql): also scan develop branch on push and PR (#4086) - refactor: replace implicit global config with explicit global.config (#4085) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: sam detweiler <sdetweil@gmail.com> Co-authored-by: Kristjan ESPERANTO <35647502+KristjanESPERANTO@users.noreply.github.com> Co-authored-by: Veeck <github@veeck.de> Co-authored-by: veeck <gitkraken@veeck.de> Co-authored-by: Magnus <34011212+MagMar94@users.noreply.github.com> Co-authored-by: Ikko Eltociear Ashimine <eltociear@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: DevIncomin <56730075+Developer-Incoming@users.noreply.github.com> Co-authored-by: Nathan <n8nyoung@gmail.com> Co-authored-by: mixasgr <mixasgr@users.noreply.github.com> Co-authored-by: Savvas Adamtziloglou <savvas-gr@greeklug.gr> Co-authored-by: Konstantinos <geraki@gmail.com> Co-authored-by: OWL4C <124401812+OWL4C@users.noreply.github.com> Co-authored-by: BugHaver <43462320+bughaver@users.noreply.github.com> Co-authored-by: BugHaver <43462320+lsaadeh@users.noreply.github.com> Co-authored-by: Bugsounet - Cédric <github@bugsounet.fr> Co-authored-by: Koen Konst <koenspero@gmail.com> Co-authored-by: Koen Konst <c.h.konst@avisi.nl> Co-authored-by: dathbe <github@beffa.us> Co-authored-by: Marcel <m-idler@users.noreply.github.com> Co-authored-by: Kevin G. <crazylegstoo@gmail.com> Co-authored-by: Jboucly <33218155+jboucly@users.noreply.github.com> Co-authored-by: Jboucly <contact@jboucly.fr> Co-authored-by: Jarno <54169345+jarnoml@users.noreply.github.com> Co-authored-by: Jordan Welch <JordanHWelch@gmail.com> Co-authored-by: Blackspirits <blackspirits@gmail.com> Co-authored-by: Samed Ozdemir <samed@xsor.io> Co-authored-by: in-voker <58696565+in-voker@users.noreply.github.com> Co-authored-by: Andrés Vanegas Jiménez <142350+angeldeejay@users.noreply.github.com> Co-authored-by: cgillinger <christian.gillinger@gmail.com> Co-authored-by: Sonny B <43247590+sonnyb9@users.noreply.github.com> Co-authored-by: sonnyb9 <sonnyb9@users.noreply.github.com>
86 lines
2.4 KiB
JavaScript
86 lines
2.4 KiB
JavaScript
/* global mmPort */
|
|
|
|
const address = "localhost";
|
|
let port = 8080;
|
|
if (typeof mmPort !== "undefined") {
|
|
port = mmPort;
|
|
}
|
|
const defaults = {
|
|
address: address,
|
|
port: port,
|
|
basePath: "/",
|
|
electronOptions: {},
|
|
ipWhitelist: ["127.0.0.1", "::ffff:127.0.0.1", "::1"],
|
|
cors: "disabled", // or "allowAll" or "allowWhitelist"
|
|
corsDomainWhitelist: [], // example: ["api.mapbox.com"]
|
|
|
|
language: "en",
|
|
logLevel: ["INFO", "LOG", "WARN", "ERROR"],
|
|
timeFormat: 24,
|
|
units: "metric",
|
|
zoom: 1,
|
|
customCss: "config/custom.css",
|
|
foreignModulesDir: "modules",
|
|
defaultModulesDir: "defaultmodules",
|
|
hideConfigSecrets: false,
|
|
// httpHeaders used by helmet, see https://helmetjs.github.io/. You can add other/more object values by overriding this in config.js,
|
|
// e.g. you need to add `frameguard: false` for embedding MagicMirror in another website, see https://github.com/MagicMirrorOrg/MagicMirror/issues/2847
|
|
httpHeaders: { contentSecurityPolicy: false, crossOriginOpenerPolicy: false, crossOriginEmbedderPolicy: false, crossOriginResourcePolicy: false, originAgentCluster: false },
|
|
|
|
// properties for checking if server is alive and has same startup-timestamp, the check is per default enabled
|
|
// (interval 30 seconds). If startup-timestamp has changed the client reloads the magicmirror webpage.
|
|
checkServerInterval: 30 * 1000,
|
|
reloadAfterServerRestart: false,
|
|
|
|
modules: [
|
|
{
|
|
module: "updatenotification",
|
|
position: "top_center"
|
|
},
|
|
{
|
|
module: "helloworld",
|
|
position: "upper_third",
|
|
classes: "large thin",
|
|
config: {
|
|
text: "MagicMirror²"
|
|
}
|
|
},
|
|
{
|
|
module: "helloworld",
|
|
position: "middle_center",
|
|
config: {
|
|
text: "Please create a config file or check the existing one for errors."
|
|
}
|
|
},
|
|
{
|
|
module: "helloworld",
|
|
position: "middle_center",
|
|
classes: "small dimmed",
|
|
config: {
|
|
text: "See README for more information."
|
|
}
|
|
},
|
|
{
|
|
module: "helloworld",
|
|
position: "middle_center",
|
|
classes: "xsmall",
|
|
config: {
|
|
text: "If you get this message while your config file is already created,<br>" + "it probably contains an error. To validate your config file run in your MagicMirror² directory<br>" + "<pre>node --run config:check</pre>"
|
|
}
|
|
},
|
|
{
|
|
module: "helloworld",
|
|
position: "bottom_bar",
|
|
classes: "xsmall dimmed",
|
|
config: {
|
|
text: "https://magicmirror.builders/"
|
|
}
|
|
}
|
|
]
|
|
};
|
|
|
|
/*************** DO NOT EDIT THE LINE BELOW ***************/
|
|
if (typeof module !== "undefined") {
|
|
module.exports = defaults;
|
|
}
|