[Bug] Pihole widget leaks auth token in API error messages
Nospamas opened this issue · comments
Before submitting, please confirm the following
- I confirm this was discussed, and the maintainers suggest I open an issue (note that AI bots are not maintainers).
- I am aware that if I create this issue without a discussion, it will be removed without a response.
Discussion Link
Additional context
When displaying API errors in homepage the full auth token is revealed due to it being passed as a query string.
Example error from homepage widget (auth token obfuscated):
API Error: Unknown error
URL: https://pihole2.cansk.net/admin/api.php?summaryRaw&auth=****
Raw Error:
{
"code": "ECONNREFUSED"
}
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new discussion for related concerns. See our contributing guidelines for more details.