-
Notifications
You must be signed in to change notification settings - Fork 277
Open
Description
What is the current behavior?
API_KEY is passed to the frontend via HTTP request, and is easily accessible.
Steps to reproduce
Load the page, open Network tab and check /authenticate request. The API key is in plain text in the body of the response.
Expected behaviour
API_KEY should not be exposed.
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels