-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent apiKey being exposed in flash.message
output
#443
Comments
@alexhuang091 could you please code review this change? |
Hi Nick, I'll review it later today. |
Hi Nick, it's all good. |
alexhuang091
added a commit
that referenced
this issue
May 4, 2021
* #443 fixes for flash.message exposing apiKey * Revert "Fix jquery.i18n load errors" * release 3.0.5 Co-authored-by: Rita Chen <[email protected]> Co-authored-by: Nick dos Remedios <[email protected]> Co-authored-by: vjrj <[email protected]>
alexhuang091
added a commit
that referenced
this issue
May 4, 2021
* 3.0.5-SNAPSHOT * #443 fixes for flash.message exposing apiKey * Revert "Fix jquery.i18n load errors" * release 3.0.5 Co-authored-by: Rita Chen <[email protected]> Co-authored-by: Nick dos Remedios <[email protected]> Co-authored-by: vjrj <[email protected]>
alexhuang091
added a commit
that referenced
this issue
Sep 7, 2021
* #379 Records from DigiVol don't show "Flag an issue" button * updated version to 3.0.3-SNAPSHOT for next iteration * Feature/duplicate record (#429) Add duplicate assertion type to flag an issue * enhanced duplicate record flag (#431) * release 3.0.3 (#432) * version to 3.0.4-SNAPSHOT * #434 fix duplicate record facet labels Code formatting * Feature my annotation (#435) * allow user to subscribe to 'my annotation' alert when flagging an issue * Fix jquery.i18n load errors * $.param() doesn't format object correctly (#438) * Release/3.0.4 (#442) * 3.0.5-SNAPSHOT * #443 fixes for flash.message exposing apiKey * Revert "Fix jquery.i18n load errors" * Translation of Map legend button and pagination next and previous button * release 3.0.5 (#449) * 3.0.6-SNAPSHOT * AtlasOfLivingAustralia/la-pipelines#372 hide passed assertions by default * i18n en differentiate between duplicate_status and duplicate_type * Bugfix/la pipelines 445 dq profile category dialog display (#456) * AtlasOfLivingAustralia/la-pipelines#445 process array of filters rather then combined filter * AtlasOfLivingAustralia/la-pipelines#445 increase width of DQ profile modal * AtlasOfLivingAustralia/la-pipelines#372 removed test for data quality assertion code `1` * Fix for AtlasOfLivingAustralia/la-pipelines/issues/467 Fix for incorrect sort param for subsequent (paginated) calls for the species list column in EYA. * update biocache-hubs since backend now returns 404 when no record found. * Update README.md * fixed an issue in reading local json files * border-radius for active filters (#462) * wrap taxon name with "" * removed log code * clean log * AtlasOfLivingAustralia/la-pipelines#419 (#465) pass filters and descriptions as JSON array standardise display of filters for DQ profile and category * Release/3.0.6 (#468) * 3.0.7-SNAPSHOT * no strip . in taxon (#469) * handle the case where taxa query returns empty JSON object (404) (#472) * make 'disableAll' and 'expand' configurable (#473) * make 'disableAll' and 'expand' configurable * when 'quality profile' is changed, update drop-down immediately (#474) * use 'fa' for font-awesome 4.x * Issue 470 refine state selection (#476) advanced search UI refine: state list be populated per country selected * style changes to admin page for dq admin link (#477) * fixed a type in flag an issue error message (#478) * added sound file metadata and sound file link to record detail page. (#479) * explicitly set 'user_facets' as String in cookie (#480) * updated css style for #occurrenceSounds * updated message.properties * location display logic updated (#485) * Avh issue120 avh styling (#487) * remove some inline styles * updated left side panel dq filters display * fix the 'view excluded records' on left side panel doesn't work issue. * fix the 'filter details' not shown on left side panel issue * style change, left side panel dq spin * Issue 334 update ehcache (#488) updated to ehcache 3.0 * updated getJsonElements to handle JSON error better (#490) * removed persistence settings * release 3.0.7 Co-authored-by: Rita Chen <[email protected]> Co-authored-by: Nick dos Remedios <[email protected]> Co-authored-by: vjrj <[email protected]> Co-authored-by: alice.ainsa <[email protected]> Co-authored-by: Dave Martin <[email protected]> Co-authored-by: Bruce Hyslop <[email protected]> Co-authored-by: adam-collins <[email protected]>
alexhuang091
added a commit
that referenced
this issue
Sep 8, 2021
* #379 Records from DigiVol don't show "Flag an issue" button * updated version to 3.0.3-SNAPSHOT for next iteration * Feature/duplicate record (#429) Add duplicate assertion type to flag an issue * enhanced duplicate record flag (#431) * release 3.0.3 (#432) * version to 3.0.4-SNAPSHOT * #434 fix duplicate record facet labels Code formatting * Feature my annotation (#435) * allow user to subscribe to 'my annotation' alert when flagging an issue * Fix jquery.i18n load errors * $.param() doesn't format object correctly (#438) * Release/3.0.4 (#442) * 3.0.5-SNAPSHOT * #443 fixes for flash.message exposing apiKey * Revert "Fix jquery.i18n load errors" * Translation of Map legend button and pagination next and previous button * release 3.0.5 (#449) * 3.0.6-SNAPSHOT * AtlasOfLivingAustralia/la-pipelines#372 hide passed assertions by default * i18n en differentiate between duplicate_status and duplicate_type * Bugfix/la pipelines 445 dq profile category dialog display (#456) * AtlasOfLivingAustralia/la-pipelines#445 process array of filters rather then combined filter * AtlasOfLivingAustralia/la-pipelines#445 increase width of DQ profile modal * AtlasOfLivingAustralia/la-pipelines#372 removed test for data quality assertion code `1` * Fix for AtlasOfLivingAustralia/la-pipelines/issues/467 Fix for incorrect sort param for subsequent (paginated) calls for the species list column in EYA. * update biocache-hubs since backend now returns 404 when no record found. * Update README.md * fixed an issue in reading local json files * border-radius for active filters (#462) * wrap taxon name with "" * removed log code * clean log * AtlasOfLivingAustralia/la-pipelines#419 (#465) pass filters and descriptions as JSON array standardise display of filters for DQ profile and category * Release/3.0.6 (#468) * 3.0.7-SNAPSHOT * no strip . in taxon (#469) * handle the case where taxa query returns empty JSON object (404) (#472) * make 'disableAll' and 'expand' configurable (#473) * make 'disableAll' and 'expand' configurable * when 'quality profile' is changed, update drop-down immediately (#474) * use 'fa' for font-awesome 4.x * Issue 470 refine state selection (#476) advanced search UI refine: state list be populated per country selected * style changes to admin page for dq admin link (#477) * fixed a type in flag an issue error message (#478) * added sound file metadata and sound file link to record detail page. (#479) * explicitly set 'user_facets' as String in cookie (#480) * updated css style for #occurrenceSounds * updated message.properties * location display logic updated (#485) * Avh issue120 avh styling (#487) * remove some inline styles * updated left side panel dq filters display * fix the 'view excluded records' on left side panel doesn't work issue. * fix the 'filter details' not shown on left side panel issue * style change, left side panel dq spin * Issue 334 update ehcache (#488) updated to ehcache 3.0 * updated getJsonElements to handle JSON error better (#490) * removed persistence settings * release 3.0.7 (#493) * 3.0.8-SNAPSHOT * the converted value should be put back to map to be used somewhere else * updated 'exclude count' font style * release 3.0.8 Co-authored-by: Rita Chen <[email protected]> Co-authored-by: Nick dos Remedios <[email protected]> Co-authored-by: vjrj <[email protected]> Co-authored-by: alice.ainsa <[email protected]> Co-authored-by: Dave Martin <[email protected]> Co-authored-by: Bruce Hyslop <[email protected]> Co-authored-by: adam-collins <[email protected]>
djtfmartin
pushed a commit
that referenced
this issue
Dec 9, 2021
djtfmartin
pushed a commit
that referenced
this issue
Dec 9, 2021
brucehyslop
added a commit
that referenced
this issue
Jan 12, 2022
* develop: (51 commits) Revert "Merge branch 'develop' into epic/develop-branch-fix" cherry pick of commit brucehyslop@646c31f Translation of Map legend button and pagination next and previous button 3.0.6-SNAPSHOT release 3.0.5 (#449) #379 Records from DigiVol don't show "Flag an issue" button #443 fixes for flash.message exposing apiKey 3.0.5-SNAPSHOT Release/3.0.4 (#442) Fix jquery.i18n load errors Feature my annotation (#435) #434 fix duplicate record facet labels version to 3.0.4-SNAPSHOT release 3.0.3 (#432) enhanced duplicate record flag (#431) Feature/duplicate record (#429) updated version to 3.0.3-SNAPSHOT for next iteration Issue 245 - enhancement to batch taxon search tab (#523) added biosecurity user assertion biocache-hubs change due to backend changes (#521) ... # Conflicts: # grails-app/controllers/au/org/ala/biocache/hubs/ProxyController.groovy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Also fixes issue where we are using
raw()
output which is a security risk.The text was updated successfully, but these errors were encountered: