dave-mills
commented
11 months ago Marked as done. Testing reveals no obvious entry points, though a refactoring to a more secure auth protocol may be wanted in future.
Closed dave-mills closed 11 months ago
dave-mills
commented
11 months ago Marked as done. Testing reveals no obvious entry points, though a refactoring to a more secure auth protocol may be wanted in future.
After moving to
Browsershot::url()(see #137), there is a new exposed route that goes to the project show page. This is secured via html basic auth.We should review this and double check that it meets the required security standards and doesn't leave any exposed data.