
[Security Issue] User email gets exposed. #4

Closed
legacyxdd opened this issue Jul 18, 2024 · 16 comments

Comments

@legacyxdd commented Jul 18, 2024

I found an important security vulnerability. The visitor can easily view the user's email using the console network tab. I tried to fix this myself but couldn't find a solution. I think it needs to be fixed immediately, thanks!
[image attachment]

@r2hu1 (Owner) commented Jul 18, 2024

haha i knew it actually i am thinking to add email in their profile where visitor can directly email them if they want

@r2hu1 (Owner) commented Jul 18, 2024

i am currently working on https://url-shrtner.vercel.app after it i will try but it's not a bug, it's an upcoming feature 😁

@legacyxdd (Author)

> haha i knew it actually i am thinking to add email in their profile where visitor can directly email them if they want

ohh I understand, that's actually a good idea. Good luck on the new project.

@legacyxdd (Author)

btw removing the email from NextResponse in api files doesn't seem to be working. I would be really happy if you can tell me another way to fix it or I think I will be waiting for the update 🙌🙌

@legacyxdd legacyxdd reopened this Jul 18, 2024
@r2hu1 (Owner) commented Jul 18, 2024

actually i checked it, the schema has email property, that's why it is returning it, but if you really want to remove the email, return everything except email in app/api/page/get/route.js. Like, it's returning `return NextResponse.json({ data }, { status: 200 });` change it to `{data.name, data.bio, ....continue}` then it will not return email
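The safe version of this change is an allowlist projection that keeps the `{ data }` envelope the client already reads (`data.data.name`, `data.data.image`). The following is an added example, not code from the repository or from either participant; the field names `name`, `bio`, `image` and `socials`, the sample document and the helper names are assumptions for illustration. It builds the response body the route handler would pass to `NextResponse.json(...)`, without importing `next/server`, so it runs stand-alone in Node.

```javascript
// Added example (not the project's code): allowlist projection for the
// public-profile API route discussed in this issue. Field names are assumed;
// the real schema may differ. Anything not listed here never leaves the server.
const PUBLIC_PROFILE_FIELDS = ["name", "bio", "image", "socials"];

// Constructed sample document standing in for what the database returns.
const SAMPLE_USER = {
  _id: "user-123-constructed",
  name: "Ada",
  bio: "builds things",
  image: "https://example.invalid/ada.png",
  socials: { github: "ada" },
  email: "ada@example.invalid", // private: must never reach the client
  passwordHash: "$2b$10$constructed-placeholder",
};

// Copy only allowlisted keys. Keys absent from the document are skipped, so an
// unset field does not appear as `undefined` in the JSON body.
function toPublicProfile(user) {
  const out = {};
  for (const key of PUBLIC_PROFILE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(user, key)) out[key] = user[key];
  }
  return out;
}

// Build the handler's response. The `{ data }` envelope is preserved so a
// client that reads `data.data.name` keeps working; dropping the envelope
// (returning bare fields) is what produces a "reading 'image'" TypeError.
function buildGetResponse(user) {
  if (!user) return { status: 404, body: { error: "not found" } };
  return { status: 200, body: { data: toPublicProfile(user) } };
}

// Regression check for tests: true if the body carries any field outside
// the allowlist (for example `email` slipping back in after a schema change).
function leaksPrivateFields(body) {
  const data = body && body.data;
  if (!data) return false;
  return Object.keys(data).some((k) => !PUBLIC_PROFILE_FIELDS.includes(k));
}

// In app/api/page/get/route.js the tail of the handler would be:
//   const res = buildGetResponse(user);
//   return NextResponse.json(res.body, { status: res.status });
if (typeof module !== "undefined" && require.main === module) {
  console.log(JSON.stringify(buildGetResponse(SAMPLE_USER), null, 2));
}
```

An allowlist is preferable to deleting `email` from the object: when the schema later gains another private field (a password hash, a verification token), a denylist silently starts leaking it, whereas the allowlist only ever returns what was explicitly chosen.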

@legacyxdd (Author)

Hmm, when I do that it returns this error:

```
TypeError: Cannot read properties of undefined (reading 'image')
app(page)_components\UserSocials.jsx (42:44) @ image
```

(btw `data.name ...` gave syntax error, I did `name, bio ...`)

@legacyxdd (Author)

and when I remove `setImage(data.data.image);` then it gives the same error for name in here `setName(data.data.name);`

@legacyxdd (Author)

Hey bro, I also fixed that issue by removing the email part from the data in the API.

How did you host the project on Vercel? When I try to host it, the API doesn't work at all.

@legacyxdd (Author)

I still couldn't figure it out, searched on Google as well but nothing familiar comes up. 😥

@r2hu1 (Owner) commented Jul 19, 2024

did you add the env variables in vercel project settings? make sure to redeploy after adding them

@legacyxdd (Author)

Yes I added them when building, also redeployed the project now. The API still doesn't work, user profiles and dashboard don't load. 🤔

@r2hu1 (Owner) commented Jul 21, 2024

can i get the repo url?

@r2hu1 r2hu1 closed this as completed Jul 21, 2024
@legacyxdd (Author)

Hey bro really sorry for the late reply. I didn't have access to my pc.

Instead of the repo url, can you just tell me how you published this project on vercel? I did add my variables too but it doesn't work. I can access the site but the database can't be reached. (so user pages don't load)

@r2hu1 (Owner) commented Aug 8, 2024

i just imported this repository on vercel dashboard, that's it, and redeploy after adding env variables

@legacyxdd (Author)

I did the exact same, but my api/get doesn't load. I can see this in Chrome dev tools:

```
An error occurred with your deployment
FUNCTION_INVOCATION_TIMEOUT
```

@legacyxdd (Author)

I searched for it online but nothing solved the problem 🤔
