fix(gatsby-source-wordpress): don't leak auth details #32303

Merged
merged 4 commits into from
Jul 9, 2021

Contributor

@wardpeet wardpeet commented Jul 9, 2021

Description

Gatsby-browser is present in the gatsby-source-wordpress plugin. Gatsby leaks all pluginOptions inside gatsby-browser even if they are unused.
We remove this private information.

Documentation

Related Issues

@gatsbot gatsbot bot added the status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer label Jul 9, 2021
@wardpeet wardpeet added topic: source-wordpress Related to Gatsby's integration with WordPress and removed status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer labels Jul 9, 2021
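
The leak described in the PR description above can be checked for and avoided along these lines. This is an added example, not code from this pull request or from the Gatsby repository; the function names, the list of sensitive key names, and the `auth.htaccess` option shape and sample values are assumptions made for illustration.

```javascript
// Added example, not Gatsby's code. Assumption: credentials sit under keys
// with names like `auth`, `password`, `secret`, `token` or `apiKey`.
const SENSITIVE_KEY = /^(auth|password|secret|token|api[-_]?key)$/i;

// Deep-copy plugin options, dropping every sensitive subtree, so the copy is
// safe to hand to anything that gets serialized into browser code.
function redactPluginOptions(value) {
  if (Array.isArray(value)) return value.map(redactPluginOptions);
  if (value === null || typeof value !== "object") return value;
  const out = {};
  for (const [key, child] of Object.entries(value)) {
    if (SENSITIVE_KEY.test(key)) continue;
    out[key] = redactPluginOptions(child);
  }
  return out;
}

// Collect every non-empty string leaf stored at or below a sensitive key.
function collectSecrets(value, underSensitive = false, found = []) {
  if (typeof value === "string") {
    if (underSensitive && value.length > 0) found.push(value);
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      collectSecrets(child, underSensitive || SENSITIVE_KEY.test(key), found);
    }
  }
  return found;
}

// Report which secrets from `options` appear verbatim in built browser text.
function findLeakedSecrets(bundleText, options) {
  return collectSecrets(options).filter((s) => bundleText.includes(s));
}

// Constructed sample options (hypothetical values, not from the PR).
const sampleOptions = {
  url: "https://wp.example.test/graphql",
  auth: { htaccess: { username: "build-user", password: "constructed-pass-123" } },
  schema: { timeout: 30000 },
};

// Constructed stand-ins for browser bundles: one embeds the full options,
// the other embeds only the redacted copy.
const leakyBundle = `plugins=[{options:${JSON.stringify(sampleOptions)}}]`;
const safeBundle = `plugins=[{options:${JSON.stringify(redactPluginOptions(sampleOptions))}}]`;

console.log("leaky:", findLeakedSecrets(leakyBundle, sampleOptions));
console.log("safe:", findLeakedSecrets(safeBundle, sampleOptions));
```

The verbatim match misses secrets containing characters that JSON escapes (quotes, backslashes), so a real post-build check should also search for the escaped form.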
@wardpeet
Contributor Author

wardpeet commented Jul 9, 2021

@TylerBarnes I'm unsure why snapshots changed. I looked into the WordPress instance and it has multiple menus, so the new snapshot looks correct, but I'm unsure why.

Contributor

@TylerBarnes TylerBarnes left a comment

@wardpeet I think the reason is our docker WP instance might have a leftover wp-basic-auth plugin which can use the same basic auth headers. Menu items are private unless the menu they're a part of is set to a location. If you're authenticated as a user (which isn't normally possible in WP w/ basic auth unless you install the plugin I mentioned) then you can view these menu items. Looks like that's what's happening here. I think that's ok 👌

@TylerBarnes TylerBarnes merged commit 4d7ec18 into master Jul 9, 2021
@TylerBarnes TylerBarnes deleted the feat/wordpress-auth-browser branch July 9, 2021 17:57
@TylerBarnes TylerBarnes added this to To cherry-pick in V3 Release Hotfixes via automation Jul 9, 2021
vladar pushed a commit that referenced this pull request Jul 9, 2021
@vladar vladar moved this from To cherry-pick to Backport PR opened in V3 Release Hotfixes Jul 9, 2021
vladar pushed a commit that referenced this pull request Jul 9, 2021
(cherry picked from commit 4d7ec18)

Co-authored-by: Ward Peeters <ward@coding-tech.com>
@vladar vladar moved this from Backport PR opened to Backported in V3 Release Hotfixes Jul 9, 2021
@vladar vladar moved this from Backported to Published in V3 Release Hotfixes Jul 13, 2021