metrik
Credentials exposed in getProjectDetails api
Describe the bug
Credentials exposed in getProjectDetails api; this may lead to a security issue.
To Reproduce
Steps to reproduce the behavior:
- Open Chrome DevTools, go to the Network tab
- Select one GET /api/project/XXXX
- Hit Preview; there is credential info in the pipeline list
Expected behavior
Should hide credentials of the pipelines
Hi @minghao-wang, thanks for the feedback.
When we developed the application we tried to make it as minimal as possible, so we could deliver a usable version quickly. Therefore, only data in the database was encrypted, and the responsibility of transport layer safety is leveraged to users. But now, since we don't have pressure on a timeline, I think we can make it better as you mentioned.