gcivil-nyu-org / match-a-pet


Exposed Access token vulnerability #137

Open joshganguly opened 3 years ago

joshganguly commented 3 years ago

The mapbox_access_token is exposed as mapbox_access_token = "pk.eyJ1Ijoic2hvcm5idWNrbGU5MyIsImEiOiJja2g5b3QxZnEwM3V3MnprM3gxZzlnMTlnIn0.U0IY_rRntdyeFAnW7bCSIQ" in https://github.com/gcivil-nyu-org/match-a-pet/blob/develop/map/views.py which can be used to do many things like breaking this functionality by exceeding free-tier rate limits and more.

Expected Behavior

API/access tokens of 3rd party services being used should not be publicly visible

Current Behavior

You can see the mapbox_access_token publicly

Ideas for Improvement

https://help.pythonanywhere.com/pages/environment-variables-for-web-apps/

Steps to Reproduce

  1. Go to https://github.com/gcivil-nyu-org/match-a-pet/blob/develop/map/views.py

Context (Environment)

One can use this key to completely break the map functionality from working on http://match-a-pet.herokuapp.com/maps/shelters/
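The remediation the issue points to (reading the token from the environment instead of a literal in views.py), as an added example that is not the project's code: a loader that fails fast when the variable is missing, and a small pre-commit style check that flags Mapbox public tokens left in source. The variable name `MAPBOX_ACCESS_TOKEN` and the sample token are assumptions; the token is fake and constructed to match the shape of the one in the report.

```python
import os
import re

# Mapbox public tokens look like "pk.<base64url payload>.<base64url signature>".
# The length bounds keep the pattern from matching ordinary dotted identifiers.
MAPBOX_TOKEN_RE = re.compile(r"\bpk\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{10,}\b")


def load_mapbox_token(environ=None):
    """Return the token from MAPBOX_ACCESS_TOKEN (variable name is an assumption).

    Failing fast when the variable is unset is deliberate: a silently empty
    token would break the map page in a way that looks like the outage the
    issue describes, instead of pointing at the misconfiguration.
    """
    env = os.environ if environ is None else environ
    token = env.get("MAPBOX_ACCESS_TOKEN", "").strip()
    if not token:
        raise RuntimeError("MAPBOX_ACCESS_TOKEN is not set; refusing to start")
    return token


def mask(token):
    """Show only the prefix and the last four characters, for safe reporting."""
    return token[:6] + "..." + token[-4:]


def find_hardcoded_mapbox_tokens(source):
    """Return (line_number, masked_token) for each Mapbox token literal in source."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in MAPBOX_TOKEN_RE.finditer(line):
            hits.append((lineno, mask(m.group(0))))
    return hits


# Constructed samples mirroring the pattern in the issue; the token is fake.
VULNERABLE_VIEWS = (
    "from django.shortcuts import render\n"
    'mapbox_access_token = "pk.eyJ1IjoiZXhhbXBsZSIsImEiOiJleGFtcGxlMTIzNDU2NyJ9.AAAAAAAAAAAAAAAAAAAAAA"\n'
)
FIXED_VIEWS = (
    "import os\n"
    'mapbox_access_token = os.environ["MAPBOX_ACCESS_TOKEN"]\n'
)
```

Running `find_hardcoded_mapbox_tokens` over a repository's Python files in CI catches the literal before it reaches a public branch; the masked output keeps the full token out of build logs.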