Closed johnknaack closed 9 years ago
It seems to now be sharing authentication with Safari. If I sign out of GitHub on Safari the widget returns to only showing public commits. It seems like new behavior though has I've been signed in to GitHub on Safari since I started using the widget.
If you login on Github from Safari it'll show your prive commits, the same goes for the Chrome extension...
I guess I just didn't notice that happening the last few days or I just haven't been making many commits to my private repos. What a shame, I'm surprised Safari shares cookies with WebViews in other apps; Chrome extensions I can understand. It seems like Safari sharing cookies with any app that has a WebView could be exploited.
It's not actually the WebView, since the request is made on the native app... but I don't know if it makes it better or worse...
Oh well, I guess I will just stay signed out in Safari for now. I assume this issue can be closed and/or combined with the issue for the chrome extension.
My OS X widget is currently counting private commits. It's happening in older versions also (v0.3.2). I'm not sure how the WebView has gotten authenticated to return the private repos in the SVG. I'm also not sure how to clear this so it only pulls the public version of the SVG. Is anyone else having this issue?