Hide api key in xhr-responses if key is configured in config.php #454
Codecov Report
@@ Coverage Diff @@
## master #454 +/- ##
============================================
+ Coverage 53.17% 56.12% +2.95%
- Complexity 268 269 +1
============================================
Files 17 17
Lines 961 930 -31
============================================
+ Hits 511 522 +11
+ Misses 450 408 -42
1ced22c to a8eec47
@IljaN no UI changes needed? Would be good to add a bit more context when writing PRs, make sure to think about who will review it and what questions they'll have.
@PVince81 No, the existing frontend code seems to handle it pretty well. User is shown as Logged-In and change-api-key button is hidden.
👍
Updated PR description
If the api-key is configured via config.php, the api-key is still leaked via XHR responses. This PR hides the API key in this case. Contrary to assumptions made in #453, the frontend does not need any changes, as it seems to be able to handle the missing apiKey field without errors.
Fixes #453