Open klugjo opened 6 years ago
The idea sounds great. Could you please explain how does this work from the security perspective?
I mean secrets are stored in the generated JavaScript that is downloaded to each blog viewer, right?
Also, is there any way for people without github account to post a comment?
@panzupa To be honest I haven't really gone much further than what's in the docs here wrt security: https://github.com/imsun/gitment#about-security
A lot of people seem to be using it without issues.
I guess you could write your own small proxy and store the secrets server side but that sort of goes against my idea of zero server maintenance for this blog.
Yes users need a github account to log in and comment which I guess is probably ok with 90%+ of my audience. Also github is a lot better at dealing with spam than Disqus or Facebook comments.
http://www.codeblocq.com/2018/05/Setup-gitment-on-your-Hexo-blog/