mirror of https://github.com/status-im/codimd.git
Use API key instead of clientSecret
As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
f23f403bcb
commit
ef86bf5cba
2
app.js
2
app.js
|
@ -33,7 +33,7 @@ var data = {
|
|||
urlpath: config.urlPath,
|
||||
debug: config.debug,
|
||||
version: config.version,
|
||||
GOOGLE_API_KEY: config.google.clientSecret,
|
||||
GOOGLE_API_KEY: config.google.apiKey,
|
||||
GOOGLE_CLIENT_ID: config.google.clientID,
|
||||
DROPBOX_APP_KEY: config.dropbox.appKey,
|
||||
allowedUploadMimeTypes: config.allowedUploadMimeTypes
|
||||
|
|
|
@ -104,6 +104,7 @@ module.exports = {
|
|||
appKey: undefined
|
||||
},
|
||||
google: {
|
||||
apiKey: undefined,
|
||||
clientID: undefined,
|
||||
clientSecret: undefined
|
||||
},
|
||||
|
|
|
@ -74,6 +74,7 @@ module.exports = {
|
|||
appKey: process.env.HMD_DROPBOX_APPKEY
|
||||
},
|
||||
google: {
|
||||
apiKey: process.env.HMD_GOOGLE_APIKEY,
|
||||
clientID: process.env.HMD_GOOGLE_CLIENTID,
|
||||
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
|
||||
},
|
||||
|
|
Loading…
Reference in New Issue