Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Information disclosure in env-config file #427

Open
RaduCStefanescu opened this issue May 22, 2020 · 1 comment
Open

Information disclosure in env-config file #427

RaduCStefanescu opened this issue May 22, 2020 · 1 comment
Labels
api bug Something isn't working help wanted Extra attention is needed
Milestone
Launch V1.0

Comments

@RaduCStefanescu
Copy link
Contributor

When viewing the source page of https://prod.stamacasa.ro/env-config.js , an user is able to access the env-config.js of the application which may expose sensitive information about the build environment
@RaduCStefanescu RaduCStefanescu added bug Something isn't working help wanted Extra attention is needed api labels May 22, 2020
@Utwo
Copy link
Member

Utwo commented Jun 9, 2020

I think this is the same issue we had on date-la-zi see this commit

On frontend side, we should make a new artifact/docker image for every environment we need to have and inject all env configs on build time.

@RaduCStefanescu RaduCStefanescu added this to the Launch V1.0 milestone Jun 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api bug Something isn't working help wanted Extra attention is needed
Projects
None yet
Milestone
Launch V1.0
Development

No branches or pull requests
2 participants
@Utwo @RaduCStefanescu