Closed AaronO closed 9 years ago
I cringe at the thought of sending credentials in cleartext. But I concede, the warning is a bit verbose. PR accepted.
Thanks for contributing!
@jmcvetta I agree as well, it's cringeworthy if someone is using it in production ...
But I think that's something developers should know, and, if they don't, be educated about. I don't think it's the library's role to educate developers.
The log pollution, and the disparity of output between dev and production environments was what was annoying me.
I'm using napping in https://github.com/GitbookIO/go-gitbook-api, so in production it hits an https endpoint, but of course in development it's simply a local http endpoint.
(You could parse the host and check for localhost, but then you can cause edge case issues for users with custom domains in /etc/hosts).
If you want to educate developers about security in regards to web programming, you could write a GitBook ;)
It's the user's responsibility to ensure that he's hitting an https endpoint, not the library's IMHO. Plus the WARNING: * is very verbose in tests or logs. I would personally vote for it to be removed, or otherwise like above wrap it with the .Log conditional