-
-
Notifications
You must be signed in to change notification settings - Fork 307
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support to only allow specific origins #104
Comments
{
repository(owner: $owner, name: $name) {
object(expression: "HEAD:giscus.json") {
... on Blob {
text
}
}
}
} This would help us prevent something like utterance/utterances#523. |
Looks like we don't need to use the GraphQL API. We can just call something like https://api.github.com/repos/laymonage/giscus/contents/README.md and get decode the content. |
Sorry for the, probably, dumb question, but does it already exists a way to specify that I can allow only my |
@samarulmeu Hey, no, that's a good question. I'm still working on the feature, it's nearly done. I'm looking to push it this weekend. |
Sorry for the delay @samarulmeu, I was feeling unwell. It's implemented in #125, you can see the guide here. Please test it when you have the time. Thanks! |
@laymonage Thank you so much! This is a great news. I was waiting for this before implementing it on my blog. I will test it tomorrow. Take care of your health. It is the most important. |
Please tell me if I did something wrong. You can see the giscus.json file here, but I can still post comments from other domains (https://cttrl-git-fixednav-samarul.vercel.app). |
Hey @samarulmeu, thanks for the report. |
Thank you! Now it is working. I tested even the regex (the giscus example) and it is working. |
Utterances supports origin allowlisting using
utterances.json
. This is helpful to prevent unknown sites from using giscus with any user's repository discussions.The text was updated successfully, but these errors were encountered: