Fun read. Sorry I was unable to attend the meeting.
Just took a quick look and was wondering how secret does the GitLab API key need to be?
If all is well we can update this function to save data to our repo. First
we need to pull in our private token and create a little string helper to
format the url the way GitLab's API expects.
const GL_PRIVATE_TOKEN = process.env.GL_PRIVATE_TOKEN
const path = 'src/db/'.replace(/\//g, '%2F')
GL_PRIVATE_TOKEN is an environment variable that I added directly in the
settings for the site on netlify.com. Netlify dev actually pulls these in locally
and makes them available which is pretty cool.
Looks like the PRIVATE token is in clear text in the JavaScript (as clear text as minified JavaScript can be).
I'm guessing the GitLab token has some kind of referrer option so it only accepts requests from specific referrers? (your Netlify site and localhost?)
I've used render.com in a similar way. It also deploys directly from [REDACTED].
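A check that could be run on the built site to settle the question raised above, as an added example (not code from the post or from the commenter): it scans bundle text for GitLab-style tokens and for the literal values of configured secrets. The function name, sample bundles and token values are constructed for illustration.

```javascript
// Added example. Bundle strings and token values below are constructed samples.
// "glpat-" is GitLab's default personal access token prefix; tokens created
// without a prefix only show up when compared against the real value.
const GITLAB_PAT = /\bglpat-[0-9A-Za-z_-]{20,}/g;

// Never echo a full secret into CI logs.
const redact = (s) => s.slice(0, 6) + '...';

// bundleText: contents of one built .js file.
// knownSecrets: { ENV_NAME: value } for secrets configured in the deploy settings.
function findEmbeddedSecrets(bundleText, knownSecrets = {}) {
  const findings = [];
  const seen = new Set();

  // Pass 1: literal values of known secrets (catches unprefixed tokens).
  for (const [name, value] of Object.entries(knownSecrets)) {
    if (!value || value.length < 8) continue; // too short to match reliably
    for (let at = bundleText.indexOf(value); at !== -1;
         at = bundleText.indexOf(value, at + value.length)) {
      seen.add(at);
      findings.push({ kind: 'env-value', name, offset: at, preview: redact(value) });
    }
  }

  // Pass 2: anything shaped like a GitLab token, even if not in knownSecrets.
  for (const m of bundleText.matchAll(GITLAB_PAT)) {
    if (seen.has(m.index)) continue; // already reported in pass 1
    findings.push({ kind: 'gitlab-pat', name: null, offset: m.index, preview: redact(m[0]) });
  }
  return findings;
}

// Constructed samples: a bundle with an inlined token, one that only references
// the variable name (assumed to run server-side and read it at run time), and
// one with an unprefixed token value.
const leaky = 'const t="glpat-EXAMPLEexample0123456789";fetch(u,{headers:{"PRIVATE-TOKEN":t}})';
const clean = 'const t=process.env.GL_PRIVATE_TOKEN;fetch(u,{headers:{"PRIVATE-TOKEN":t}})';
const legacy = 'var k="Zx9constructedLegacy";';

console.log(findEmbeddedSecrets(leaky));
console.log(findEmbeddedSecrets(clean));
console.log(findEmbeddedSecrets(legacy, { GL_PRIVATE_TOKEN: 'Zx9constructedLegacy' }));
```

Run it over every `.js` file in the publish directory after a build; an empty result for all files means no token literal reached the client.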