More secure defaults. #1004
More secure defaults. #1004
Conversation
|
Maybe the comments should reflect what the default value is when no address is given? |
Without config, listen only on looback interface. In sample config listen on any interface, but use an IP whitelist. Related to MagicMirrorOrg#950
config/config.js.sample
Outdated
| @@ -9,7 +9,11 @@ | |||
| */ | |||
|
|
|||
| var config = { | |||
| address: "localhost", | |||
| address: "", // Address to listen on, can be: | |||
There was a problem hiding this comment.
I think we need keep the localhost value for config sample... and only add comments here.
There was a problem hiding this comment.
Okay, sounds fine to me
There was a problem hiding this comment.
Will you update this in the PR?
|
I've been working on some test cases for these configuration options, but keep running into issues... https://github.com/qistoph/MagicMirror/tree/issue950_2 It seems that starting the app from the global namespace of mocha, leaves traces that influence later test cases. So I've tried to run them in a sandbox, but that is starting to be quite some work... https://github.com/qistoph/MagicMirror/tree/issue950_sandbox Do you maybe have any suggestions @roramirez ? |
As proposed in review
|
@qistoph why not use as e2e tests? |
|
I pushed the fix We need now fix the conflict with version tests. :) |
Related to #950. More secure suggestion.
Without config, listen only on looback interface. In sample config
listen on any interface, but use an IP whitelist.