Skip to content
This repository has been archived by the owner on Sep 16, 2019. It is now read-only.

Private Github API access token in FoundationPress? #1179

Closed
Aetles opened this issue Dec 5, 2017 · 3 comments
Closed

Private Github API access token in FoundationPress? #1179

Aetles opened this issue Dec 5, 2017 · 3 comments
Assignees
@olefredrik
Labels
question

Comments

@Aetles
Copy link
Contributor

Aetles commented Dec 5, 2017

In https://github.com/olefredrik/FoundationPress/blob/master/src/assets/js/lib/demosite.js there is an access token committed on line 5.

Maybe I'm misreading this code, but isn't that a private Github API access token? Is that supposed to be part of FoundationPress?
@colin-marshall
Copy link
Collaborator

@Aetles good spot. While on this topic, I have wondered if it would be possible for @olefredrik to somehow keep the demo site in his own repo and while having it removed from the main GitHub repo. Maybe he could just keep the demo site in a separate local branch and merge in updates from master?

@olefredrik olefredrik mentioned this issue Dec 15, 2017
Merged
@olefredrik
Copy link
Owner

I realize that it's bad practice to push a Github API Access token to a public repo. And it should never have been pushed to the master branch in the first place. That said, Github has a built-in security mechanism that automatically revokes the token, when this happens.

Thanks for the heads up 👍

@Aetles
Copy link
Contributor Author

Aetles commented Dec 15, 2017

That said, Github has a built-in security mechanism that automatically revokes the token, when this happens.

Didn't know that, good!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@olefredrik olefredrik

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Aetles @olefredrik @colin-marshall