n4bb12 / verdaccio-github-oauth-ui

📦🔐 GitHub OAuth plugin for Verdaccio
https://verdaccio.org
MIT License
71 stars 45 forks

security: prevent JWTs from ending up in logs #179

Closed sjoerddal-pti closed 1 year ago

sjoerddal-pti commented 1 year ago

I was setting up verdaccio and saw this awesome plugin for integrating with GitHub auth. After setting it up all was working well but one thing bugged me: my NPM tokens were clearly visible in verdaccio's logs. This is because the auth callback redirects you with query parameters to the main page, causing the token to be logged as part of a GET request.

This PR aims to prevent logging tokens in verdaccio's (and any other proxy it may be running behind) logs. It does this by setting a few temporary cookies that are accessible only to JS. JS will then wipe them after saving them to local storage so auth keeps working as normal from there.

I've tested this on the instance I'm setting up and it seems to work fine but the cookie clearing logic may have to be refined if verdaccio ever decides to set cookies visible to JS.
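The hand-off described above, as an added illustration that is not the plugin's own code: the client reads the short-lived cookies the callback set, copies them into localStorage and then expires them, and a small check flags the original problem of a token travelling in the query string (which is what lands in access logs). The cookie names are assumptions for the example, not the names the plugin uses.

```javascript
// Cookie names the callback is assumed to set (illustrative, not the plugin's real names).
const HANDOFF_COOKIES = ["npmToken", "username"];

// Parse a document.cookie string ("a=1; b=2") into a plain object.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    out[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// String that, when assigned to document.cookie, deletes one cookie.
// Path must match the path the cookie was set with or the browser ignores it.
function expireCookie(name, path = "/") {
  return `${name}=; Path=${path}; Max-Age=0; SameSite=Strict`;
}

// Copy only the hand-off cookies into `storage` (window.localStorage in a browser)
// and return the deletion strings for the cookies that were actually present,
// so unrelated cookies a server might set later are left alone.
function handoffCookies(cookieString, storage, names = HANDOFF_COOKIES) {
  const cookies = parseCookies(cookieString);
  const moved = [];
  for (const name of names) {
    if (!(name in cookies)) continue;
    storage.setItem(name, cookies[name]);
    moved.push(name);
  }
  return moved.map((n) => expireCookie(n));
}

// True when a redirect URL carries a token as a query parameter, i.e. the
// pattern that makes the token show up in Verdaccio's or a proxy's GET log line.
function queryLeaksToken(url, names = HANDOFF_COOKIES) {
  const params = new URL(url, "http://localhost").searchParams;
  return names.some((n) => params.has(n));
}

// Browser glue; does nothing under Node.
if (typeof document !== "undefined") {
  for (const s of handoffCookies(document.cookie, window.localStorage)) document.cookie = s;
}
```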

n4bb12 commented 1 year ago

Any idea how I can get the workflows to run?

sjoerddal-pti commented 1 year ago

Any idea how I can get the workflows to run?

Not sure why they're not starting. I've tried updating my main branch with this repo, but they still don't seem to start.