[Bug] Pihole widget leaks auth token in API error messages

Question

[Bug] Pihole widget leaks auth token in API error messages

Nospamas opened this issue a month ago · comments

Nospamas commented a month ago

Before submitting, please confirm the following

I confirm this was discussed, and the maintainers suggest I open an issue (note that AI bots are not maintainers).
I am aware that if I create this issue without a discussion, it will be removed without a response.

Discussion Link

#3383

Additional context

When displaying API errors in homepage the full auth token is revealed due to it being passed as a query string.

Example error from homepage widget (auth token obfuscated):


    API Error: Unknown error
    URL: https://pihole2.cansk.net/admin/api.php?summaryRaw&auth=****
    Raw Error:
    {
        "code": "ECONNREFUSED"
    }

github-actions · Answer 1 · Thu May 30 2024 11:05:23 GMT+0800 (China Standard Time)

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new discussion for related concerns. See our contributing guidelines for more details.