YOSHIDA Katsuhiko

icon indicating a website link https://kyoshida.jp icon indicating an email [email protected]

icon company @jmty icon location Japan, Yokohama icon location Runner, Swimmer, Cyclist, and Software Developer

Results 6 issues of YOSHIDA Katsuhiko

Clear Authorization header when redirecting to cross-site

I think that Authorization header should not be forwarded to cross-site when redirecting. The administrator of the site that the victim accesses by the redirect can get the secret information....

Clear sensitive headers when redirecting to cross-site

Sensitive headers (Authorization and Cookie) are sent to cross-site when redirecting. For example, an original target URL is http://example.com and redirect to http://example.jp (cross-site). The sample code is the following....

Improving Test Coverage

Now, the test is so cheap. It might be better to refactor.

Failed to test due to so many API requests

For instance, [this builds log](https://travis-ci.org/kyoshidajp/ghkw/builds/336910974?utm_source=github_status&utm_medium=notification). According to GitHub API Document, > For requests using Basic Authentication or OAuth, you can make up to 5000 requests per hour. For more detail,...

wontfix

Add open on Merge Request link in brower

2 comment

Hi. I added function that open Merge Request link in browser. It's like a function "Open on GitLab". Difference is open Merge Request link on current line. And I changed...

Use ruby/setup-ruby

`actions/setup-ruby` is already [deprecated](https://github.com/actions/setup-ruby).