Apisix-dashboard: Backend API Cookie secret

Created on 17 Mar 2021  路  6Comments  路  Source: apache/apisix-dashboard

Bug report

Describe the bug

Hi all

I found in apisix-dashboard/api/internal/route.go, the cookie secret directly setting in the codebase, I think it may need to use api/conf/conf.yaml or env file to set it.
https://github.com/apache/apisix-dashboard/blob/master/api/internal/route.go#L58

image

backend bug good first issue

All 6 comments

cc @nic-chen @starsz to confirm.

oh, we don't use sessions, we could remove it.

ok, then it's not a high vulnerability issue? we could mark it as good first?

ok, then it's not a high vulnerability issue? we could mark it as good first?

It's not. This code is not used.

Good capture. @stu01509

I will fix it in tonight, please assign the issue to me.

Was this page helpful?
0 / 5 - 0 ratings