More secure defaults.

Without config, listen only on looback interface. In sample config listen on any interface, but use an IP whitelist. Related to #950
MagicMirrorOrg · Sep 1, 2017 · 2f05228 · 2f05228
1 parent 763d835
commit 2f05228
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/config/config.js.sample b/config/config.js.sample
@@ -9,7 +9,10 @@
  */
 
 var config = {
-	address: "localhost",
+	address: "", // Address to listen on, can be
+	             // "localhost", "127.0.0.1", "::1" to listen on loopback interface
+	             // another specific IPv4/6 to listen on a specific interface
+	             // "", "0.0.0.0", "::" to listen on any interface
 	port: 8080,
 	ipWhitelist: ["127.0.0.1", "::ffff:127.0.0.1", "::1"], // Set [] to allow all IP addresses
 	                                                       // or add a specific IPv4 of 192.168.1.5 :

diff --git a/js/defaults.js b/js/defaults.js
@@ -8,7 +8,7 @@
  */
 
 var port = 8080;
-var address = ""; // Default to listening on all interfaces
+var address = "localhost";
 if (typeof(mmPort) !== "undefined") {
 	port = mmPort;
 }