-
-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Issue] User email gets exposed. #4
Comments
haha i knew it actually i am thinking to add email in there profile where visitor can directly email them if they want |
i am currently working on https://url-shrtner.vercel.app after it i will try but its not an bug its an upcoming feature 😁 |
ohh I understand, that's actually a good idea. Good luck on the new project. |
btw removing the email from NextResponse in api files doesn't seem to be working. I would be really happy if you can tell me an other way to fix it or I think I will be waiting for the update 🙌🙌 |
actually i checked it, the schema has email property thats why it is returning it but if you really wanto remove the email return everything except email in |
Hmm, when I do that it returns this error: (btw data.name ... gave syntax error, I did name, bio ...) |
and when I remove |
Hey bro, I also fixed that issue by removing the email part from the data in the API. How did you host the project on Vercel? When I try to host it, the API doesn't work at all. |
I still couldn't figure it out, searched on Google aswell but nothing familiar comes up. 😥 |
did you added the env variables in vercel project settings? make sure to redeploy after adding it |
Yes I added them when building, also redeployed the project now. The API still doesn't work, user profiles and dashboard doesn't load. 🤔 |
can i get the repo url? |
Hey bro really sorry for the late reply. I didn't had access to my pc. Instead of the repo url, can you just tell me how you published this project on vercel? I did add my variables too but it doesn't work. I can access the site but the database can't be reached. (so user pages doesn't load) |
i just imported this repository on vercel dashboard thats it and redeploy after adding env variables |
I did the exact same, but my api/get doesn't load. I can see this on chrome dev tools An error occurred with your deployment |
I searched for it online but nothing solved the problem 🤔 |
I found an important security vulnerability. The visitor can easily view the user's email using console network tab. I tried to fix this myself but couldn't find a solution. I think it needs to be fixed immediately, thanks!
The text was updated successfully, but these errors were encountered: