Open klugjo opened 6 years ago
serverlesspolska
commented
6 years ago The idea sounds great. Could you please explain how does this work from the security perspective?
I mean secrets are stored in the generated JavaScript that is downloaded to each blog viewer, right?
serverlesspolska
commented
6 years ago Also, is there any way for people without github account to post a comment?
klugjo
commented
6 years ago @panzupa To be honest I haven't really gone much further than what's in the docs here wrt security: https://github.com/imsun/gitment#about-security
A lot of people seem to be using it without issues.
I guess you could write your own small proxy and store the secrets server side but that sort of goes against my idea of zero server maintenance for this blog.
Yes users need a github account to log in and comment which I guess is probably ok with 90%+ of my audience. Also github is a lot better at dealing with spam than Disqus or Facebook comments.
http://www.codeblocq.com/2018/05/Setup-gitment-on-your-Hexo-blog/