search_api_key is exposed

  • Resolved scorpiock

    (@scorpiock)


    3 years, 7 months ago

    Hello,

    I just realized that search_api_key with the host is exposed on the page source which is a security risk. I am wondering if you are aware of it and any plan to mitigate this risk.

    Another issue – Lighthouse reports this error – Does not use passive listeners to improve scrolling performance

    It is in autocomplete.js?ver=1.6.6

    Thanks.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author CodeManas

    (@codemanas)

    3 years, 7 months ago

    Hello @scorpiock ,

    Exposing it is not a security risk since the search key is scoped to only the search end-point, it’s meant to be exposed so that the search requests can be made directly from the browser.

    Regarding the lighthouse report, we will update it if this really does hamper the performance.

    Regards,
    Code Manas

    Thread Starter scorpiock

    (@scorpiock)

    3 years, 7 months ago

    Thank you for the quick response.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘search_api_key is exposed’ is closed to new replies.