
fix(gatsby-source-wordpress): don't leak auth details #32303

Merged
TylerBarnes merged 4 commits into master from feat/wordpress-auth-browser
Jul 9, 2021

Contributor

@wardpeet wardpeet commented Jul 9, 2021

Description

Gatsby-browser is present in the gatsby-source-wordpress plugin. Gatsby leaks all pluginOptions inside gatsby-browser even if they are unused.
We remove this private information.

Documentation

Related Issues

@gatsbot gatsbot Bot added the status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer label Jul 9, 2021
@wardpeet wardpeet added topic: source-wordpress Related to Gatsby's integration with WordPress and removed status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer labels Jul 9, 2021
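
A build-output check for the leak described in the PR description, added here as an example; it is not code from this PR or from Gatsby. The sensitive-key list, the function names, the sample option values and the bundle strings (options assumed to be embedded as JSON) are constructed for illustration.

```javascript
// Added example: key list, option values and bundle strings are constructed assumptions.
const SENSITIVE_KEYS = new Set(["auth", "password", "token", "secret"]);

// Collect every string stored under a sensitive key (or nested below one), with its path.
function collectSecrets(options, path = [], underSensitive = false, found = []) {
  for (const [key, value] of Object.entries(options || {})) {
    const here = [...path, key];
    const sensitive = underSensitive || SENSITIVE_KEYS.has(key.toLowerCase());
    if (value && typeof value === "object") {
      collectSecrets(value, here, sensitive, found);
    } else if (sensitive && typeof value === "string" && value.length > 0) {
      found.push({ path: here.join("."), value });
    }
  }
  return found;
}

// Return the option paths whose secret value appears in the bundle text.
// Both the raw value and its JSON-escaped form are checked.
function findLeaks(bundleText, options) {
  return collectSecrets(options)
    .filter(({ value }) => {
      const escaped = JSON.stringify(value).slice(1, -1);
      return bundleText.includes(value) || bundleText.includes(escaped);
    })
    .map(({ path }) => path);
}

// Browser-safe copy: drop sensitive subtrees before options reach client code.
function stripSensitive(options) {
  if (Array.isArray(options)) return options.map(stripSensitive);
  if (!options || typeof options !== "object") return options;
  return Object.fromEntries(
    Object.entries(options)
      .filter(([key]) => !SENSITIVE_KEYS.has(key.toLowerCase()))
      .map(([key, value]) => [key, stripSensitive(value)])
  );
}

// Constructed sample: plugin options and two stand-ins for a built browser bundle.
const pluginOptions = {
  url: "https://wp.example.test/graphql",
  auth: { htaccess: { username: "build-user", password: 'p@ss"word' } },
};
const leakyBundle = `plugins=[{options:${JSON.stringify(pluginOptions)}}]`;
const safeBundle = `plugins=[{options:${JSON.stringify(stripSensitive(pluginOptions))}}]`;

console.log("leaky bundle:", findLeaks(leakyBundle, pluginOptions));
console.log("safe bundle:", findLeaks(safeBundle, pluginOptions));
```

In a real check, `bundleText` would be the contents of each JavaScript file in the build output, and a non-empty result would fail the build.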
Contributor Author

wardpeet commented Jul 9, 2021

@TylerBarnes I'm unsure why the snapshots changed. I looked into the WordPress instance and it has multiple menus, so the new snapshot looks correct, but I'm unsure why.

Contributor

@TylerBarnes TylerBarnes left a comment


@wardpeet I think the reason is our docker WP instance might have a leftover wp-basic-auth plugin which can use the same basic auth headers. Menu items are private unless the menu they're a part of is set to a location. If you're authenticated as a user (which isn't normally possible in WP w/ basic auth unless you install the plugin I mentioned) then you can view these menu items. Looks like that's what's happening here. I think that's ok 👌
