mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-12-25 06:21:16 +00:00
Use API key instead of clientSecret
As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
f23f403bcb
commit
ef86bf5cba
3 changed files with 3 additions and 1 deletions
2
app.js
2
app.js
|
@ -33,7 +33,7 @@ var data = {
|
|||
urlpath: config.urlPath,
|
||||
debug: config.debug,
|
||||
version: config.version,
|
||||
GOOGLE_API_KEY: config.google.clientSecret,
|
||||
GOOGLE_API_KEY: config.google.apiKey,
|
||||
GOOGLE_CLIENT_ID: config.google.clientID,
|
||||
DROPBOX_APP_KEY: config.dropbox.appKey,
|
||||
allowedUploadMimeTypes: config.allowedUploadMimeTypes
|
||||
|
|
|
@ -104,6 +104,7 @@ module.exports = {
|
|||
appKey: undefined
|
||||
},
|
||||
google: {
|
||||
apiKey: undefined,
|
||||
clientID: undefined,
|
||||
clientSecret: undefined
|
||||
},
|
||||
|
|
|
@ -74,6 +74,7 @@ module.exports = {
|
|||
appKey: process.env.HMD_DROPBOX_APPKEY
|
||||
},
|
||||
google: {
|
||||
apiKey: process.env.HMD_GOOGLE_APIKEY,
|
||||
clientID: process.env.HMD_GOOGLE_CLIENTID,
|
||||
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
|
||||
},
|
||||
|
|
Loading…
Reference in a new issue