[Security] Sensitive Information Logged in Console in Production

[atj393]

Description

Sensitive information, such as user details (e.g., names, emails, and session details), is currently being logged to the browser console in the production environment. This can pose a security and privacy risk, especially if someone gains access to these logs or if the data is inadvertently exposed.

Details

• Affected Data:
  • User profile information (e.g., name, email, location, and other sensitive fields).
  • Session details such as sessionUser objects, including GitHub profile information.

Steps to Reproduce

1. Navigate to the live application in a browser.
2. Open the browser's Developer Tools (F12 or Ctrl + Shift + I).
3. Go to the Console tab.
4. Log in as a user, and go to the profile page or dashboard.
5. Observe logs containing sensitive data in the console.

Expected Behavior

• No sensitive information (e.g., user emails, names, etc.) should be logged in the console, especially in a production environment.

Suggested Fix

• Remove or sanitize console logs to prevent sensitive data from being exposed.
• Ensure that logging is minimized or completely disabled in production builds.
• Use environment checks (e.g., process.env.NODE_ENV) to conditionally log messages only in development mode.

Impact

This issue affects user privacy and can expose sensitive information, which is a potential risk for users of the platform.

[atj393]

@A91y Can I take over this issue? Then could you assign it to me?

[A91y]

Go ahead @atj393