MagicMirror/js
Kristjan ESPERANTO d20306cc4f fix(electron): resolve CodeQL alerts #22 and #25 in electron.js (#4136)
I reviewed the CodeQL alerts for `js/electron.js`:

- [#25](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/25)
- [#22](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/22)

Both point to real bugs.

- [#25](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/25):
  The window size fallback was written as a comma expression (`(800, 600)`), so it did not produce the expected object structure `{ width, height }`. I am not surprised it went unnoticed because it sits in a fallback path.
- [#22](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/22):
  `...new Set(electronSwitchesDefaults, config.electronSwitches)` silently ignored the second parameter. As a result, custom `electronSwitches` were never applied. I am wondering: this has been broken since PR #2643 introduced it, so I'm quite sure it could not have worked as intended in that form. Why didn't anyone (not even @eouia) notice that? 🤔

## Changes

- Fix for [#25](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/25):
  - Corrects the fallback from `(800, 600)` to a valid size object `{ width: 800, height: 600 }`.
- Fix for [#22](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/22):
  - Sets the default switch explicitly as a correct key-value pair:
    - `app.commandLine.appendSwitch("autoplay-policy", "no-user-gesture-required")`
  - Applies custom `config.electronSwitches` individually afterward.
2026-05-03 15:59:17 +02:00
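
The two patterns named in the commit message, reproduced as an added example that is not part of the commit or of MagicMirror's code. The function names, the recorder standing in for `app.commandLine`, the flat default array, and the assumption that custom switches are plain strings are all hypothetical.

```javascript
// Added illustration. Only the expressions quoted in the commit message come
// from the page; every function name here is hypothetical.

// Alert #25 pattern: the comma operator evaluates both operands and yields the
// last one, so the fallback is the number 600 instead of a size object.
function buggySizeFallback(primarySize) {
  return primarySize || (800, 600);
}

function fixedSizeFallback(primarySize) {
  return primarySize || { width: 800, height: 600 };
}

// Alert #22 pattern: the Set constructor accepts a single iterable. Any further
// argument is dropped without an error, so the custom switches never arrive.
function buggySwitchList(electronSwitchesDefaults, electronSwitches) {
  return [...new Set(electronSwitchesDefaults, electronSwitches)];
}

// Constructed stand-in for Electron's app.commandLine that records each call.
function makeRecorder() {
  const calls = [];
  return {
    calls,
    appendSwitch(name, value) {
      calls.push(value === undefined ? [name] : [name, value]);
    }
  };
}

// Shape of the fix as the commit message describes it: the default goes in as
// a key-value pair, then each custom switch is appended on its own.
// Assumption: custom switches are bare switch names (strings).
function applySwitches(commandLine, electronSwitches) {
  commandLine.appendSwitch("autoplay-policy", "no-user-gesture-required");
  for (const name of electronSwitches || []) {
    commandLine.appendSwitch(name);
  }
  return commandLine.calls;
}
```

Neither buggy form throws or logs anything, which is consistent with the commit message's observation that both went unnoticed until static analysis flagged them.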