Open darraghoriordan opened 1 year ago
Hey,
It looks like the link that is posted in new issue bodies leaks the session of the first commenter?
I can click on that link, and if the person is still logged in to github via utterances, i can post a comment as them.
The link that the bot creates for issue bodies should not include the "utterances=" query string containing the session??
That link should not have the "utterances=" query param
Did you solve problem? I have still issue too.
Hey, I didn't. I just removed it from my site.
Hey,
It looks like the link that is posted in new issue bodies leaks the session of the first commenter?
I can click on that link, and if the person is still logged in to github via utterances, i can post a comment as them.
The link that the bot creates for issue bodies should not include the "utterances=" query string containing the session??