Closed dave-mills closed 11 months ago
After moving to Browsershot::url() (see #137), there is a new exposed route that goes to the project show page. This is secured via html basic auth.
Browsershot::url()
We should review this and double check that it meets the required security standards and doesn't leave any exposed data.
Marked as done. Testing reveals no obvious entry points, though a refactoring to a more secure auth protocol may be wanted in future.
After moving to
Browsershot::url()
(see #137), there is a new exposed route that goes to the project show page. This is secured via html basic auth.We should review this and double check that it meets the required security standards and doesn't leave any exposed data.