CenterForOpenScience / osf.io

Facilitating Open Science
https://osf.io
Apache License 2.0

In anonymized view-only link, GitHub information is not anonymized #10717

Open umhan35 opened 2 months ago

umhan35 commented 2 months ago

What you did (step by step)

  1. Connect GitHub to a project
  2. Create a view-only link to share the OSF project (check off "Anonymize contributor list for this link (e.g., for blind peer review)")
  3. Go to the view-only link

Where does this happen on the OSF?

Anonymized view-only homepage of a project, e.g., https://osf.io/ga9w8/?view_only=3ec356c101944ec092c6badfbb0fb593

What you expected

The Open button should not appear for people to go to the GitHub link.

What actually happened

One can click the Open button and find out information about the contributors of the OSF repo.

Potential causes

Related code that may have caused this:

https://github.com/CenterForOpenScience/osf.io/blob/3920a29ff5c92a45229e618931661cc5d0c8a08d/addons/github/static/githubFangornConfig.js#L283-L291

Suggest a solution

Similar to the hidden GitHub repo (username/repo-name) in a view-only link, as seen below, the Open button should also be hidden.

[Screenshots: "Not view-only" and "View-only"]

Final words

I think the branch list should also be hidden in a view-only link.

follhim commented 2 weeks ago

This appears to be a significant issue with using GitHub for OSF. I'm adding a comment here to highlight this concern.

@umhan35, it seems that the issue with accessing your OSF view-only repository has been resolved. Was this fixed, or is it working correctly for you now?

umhan35 commented 2 weeks ago

@follhim I just reproduced this issue with the view-only link in the description, so it is not fixed.

follhim commented 2 weeks ago

@umhan35 I see, and to be specific, it's not that the link can be opened (I cannot open the repository on GitHub), but even when it says Not found error 404, it shows essentially the repository by looking at the website address:

https://github.com/umhan35/weka-dt/tree/main

when ideally, the link shouldn't be accessible at all. Right?

umhan35 commented 2 weeks ago

> when ideally, the link shouldn't be accessible at all. Right?

Right. Because the GitHub username/profile reveals the identity of the OSF contributors.

(BTW, I think the branch list should also be hidden in a view-only link)