fix(gatsby-source-wordpress): don't leak auth details #32303
@TylerBarnes I'm unsure why snapshots changed. I looked into the WordPress instance and it has multiple menus, so the new snapshot looks correct, but I'm unsure why.
@wardpeet I think the reason is our docker WP instance might have a leftover wp-basic-auth plugin which can use the same basic auth headers. Menu items are private unless the menu they're a part of is set to a location. If you're authenticated as a user (which isn't normally possible in WP w/ basic auth unless you install the plugin I mentioned) then you can view these menu items. Looks like that's what's happening here. I think that's ok 👌
(cherry picked from commit 4d7ec18)
Description
Gatsby-browser is present in the gatsby-source-wordpress plugin. Gatsby leaks all pluginOptions inside gatsby-browser even if they are unused.
We remove this private information.
Documentation
Related Issues
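A build-time check for the leak this PR describes, as an added example that is not the PR's code or Gatsby's own: given the plugin options and the text of a browser bundle, it reports which sensitive option paths show up in that bundle. The option shape (`url`, `auth.htaccess.username`/`password`), the key pattern and all sample values are assumptions constructed for illustration.

```javascript
// Added example. Key pattern, option shape and sample values are constructed.
const SENSITIVE_KEY = /pass|secret|token|auth|key/i;

// Walk a plugin options object and collect string values that sit under a
// sensitive-looking key at any depth, together with their dotted path.
function collectSecrets(options, path = [], inherited = false) {
  const found = [];
  for (const [key, value] of Object.entries(options || {})) {
    const sensitive = inherited || SENSITIVE_KEY.test(key);
    const here = [...path, key];
    if (value && typeof value === "object") {
      found.push(...collectSecrets(value, here, sensitive));
    } else if (sensitive && typeof value === "string" && value.length >= 4) {
      found.push({ path: here.join("."), value });
    }
  }
  return found;
}

// Return the option paths whose values appear in the bundle text. Values are
// matched raw and JSON-escaped, because options serialized into a bundle
// carry escaped quotes and backslashes. Only paths are returned so the
// secrets themselves never end up in CI logs.
function findLeaks(bundleText, options) {
  return collectSecrets(options)
    .filter(({ value }) => {
      const escaped = JSON.stringify(value).slice(1, -1);
      return bundleText.includes(value) || bundleText.includes(escaped);
    })
    .map(({ path }) => path);
}

// Constructed sample input: options as they might appear in gatsby-config.
const sampleOptions = {
  url: "https://wp.example.test/graphql",
  auth: { htaccess: { username: "build-user", password: 'p@ss"word-constructed' } },
};
// Constructed bundles: one with every option serialized, one with only the URL.
const leakyBundle = `var plugins=[{options:${JSON.stringify(sampleOptions)}}];`;
const cleanBundle = `var plugins=[{options:${JSON.stringify({ url: sampleOptions.url })}}];`;

console.log("leaky:", findLeaks(leakyBundle, sampleOptions));
console.log("clean:", findLeaks(cleanBundle, sampleOptions));
```

In a real build the bundle text would come from reading each generated `.js` file in the site's output directory, and a non-empty result should fail the build.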