Confidential module settings (cleint_id, client_secret) exposed on Mediaflow forms

Created on 6 February 2025, 24 days ago

Problem/Motivation

User/editor can see the confidential module settings in browser console.

The module exposes the whole settings array including client_id and client_secret which are accessible by typing drupalSettings.mediaflow in the browsers console.

Steps to reproduce

Go to the Add media item page (/media/add/mediaflow), open browser console and type drupalSettings.mediaflow.

Proposed resolution

Don't expose confidential data, use server-side requests when needed.

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task

Status

Active

Version

1.0

Component

User interface

Created by

🇵🇱Poland zambrey

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @zambrey
Comment 24 days ago →
🇵🇱Poland zambrey

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024