Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

All credentials in config dir are public?? #95

Closed
nov opened this Issue · 5 comments

3 participants

Nov Matake Lance Pollard Jakub Arnold
Nov Matake

Seems tower.js copies all files in config dir to public/javascripts/config.
It makes these credentials public...
http://towerjs.org/javascripts/config/session.js
http://towerjs.org/javascripts/config/credentials.js

Lance Pollard lancejpollard closed this issue from a commit
Lance Pollard lancejpollard fixes #95 c5d93bc
Lance Pollard

Fixed, thanks for pointing out!

For those of you with existing apps, make sure you update your Watchfile:

https://github.com/viatropos/tower/blob/master/lib/tower/server/generator/generators/tower/app/templates/watch#L15

Specifically those 2 javascript sections.

Also, delete the files in ./public/javascripts/config.

Nov Matake

Cool.
Thanks for your quick fix ;)

Lance Pollard

Should make this more bullet proof, in case the Watchfile is changed or anything strange happens where those files are put in public. Maybe a regex or warning before git commit if there is a file in public matching a pattern. Or add to gitignore... Will keep in mind.

Nov Matake

Or just make them JSON files?

Jakub Arnold

:bomb: ... trollface.jpg

Dave Myron contentfree referenced this issue from a commit
Lance Pollard lancejpollard fixes #95 ddd9707
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.