search

tadeuzagallo / GithubPulse

OS X StatusBar app to help you remember to contribute every day on Github
http://tadeuzagallo.com/GithubPulse
MIT License
542 stars 20 forks source link

OS X Widget is counting private commits #37

Closed johnknaack closed 9 years ago

johnknaack commented 9 years ago

My OS X widget is currently counting private commits. It's happening in older versions also (v0.3.2). I'm not sure how the WebView has gotten authenticated to return the private repos in the SVG. I'm also not sure how to clear this so it only pulls the public version of the SVG. Is anyone else having this issue?

2015-01-30_10-08-17

johnknaack commented 9 years ago

It seems to now be sharing authentication with Safari. If I sign out of GitHub on Safari the widget returns to only showing public commits. It seems like new behavior though has I've been signed in to GitHub on Safari since I started using the widget.

tadeuzagallo commented 9 years ago

If you login on Github from Safari it'll show your prive commits, the same goes for the Chrome extension...

johnknaack commented 9 years ago

I guess I just didn't notice that happening the last few days or I just haven't been making many commits to my private repos. What a shame, I'm surprised Safari shares cookies with WebViews in other apps; Chrome extensions I can understand. It seems like Safari sharing cookies with any app that has a WebView could be exploited.

tadeuzagallo commented 9 years ago

It's not actually the WebView, since the request is made on the native app... but I don't know if it makes it better or worse...

johnknaack commented 9 years ago

Oh well, I guess I will just stay signed out in Safari for now. I assume this issue can be closed and/or combined with the issue for the chrome extension.