-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sensitive values in the logs #39
Comments
Ah we did not knew that. |
Worst case scenario, it will leak the API key. While not ideal, all this gives access to is the ability to trigger a crawl, and I don't see many scenarii where this would be abused maliciously. |
This seems fairly important, has it been addressed? |
Does the
/api/1/netlify/crawl
response include any secure/sensitive values?The response might be printed by one of the following statements:
algoliasearch-netlify/plugin/src/index.ts
Line 81 in 601d32e
algoliasearch-netlify/plugin/src/index.ts
Line 91 in 601d32e
algoliasearch-netlify/plugin/src/index.ts
Line 99 in 601d32e
Netlify build logs are sometimes public, in which case there would be a risk for those sensitive values to be made public as well. However, if this endpoint does not respond with any sensitive values, then this is not a concern. I am raising this up just to be 100% sure :)
The text was updated successfully, but these errors were encountered: