Comments (5)
@timoschwarzer Actually, in a lot of business environments, high-end firewalls are scanning SSL traffic (https://www.sonicwall.com/en-us/support/knowledge-base/170505782716496), so everything gets logged and scanned, creating quite a trail.
I'm actually working on a version that will walk you through generating an SSH key connection.
from gitlab-monitor.
Hi there! :)
You are right, tokens should not be passed as query parameters. But just for your information: When you use HTTPS, the only bottleneck will be the browser history and the server logs, as query parameters are transport encrypted. If you use the hosted version at my website, it's just the browser history because I don't log URLs for that application.
There has been the idea to move the configuration to an extra file (e.g. config.json) and pass the path to that file as a query parameter. I just haven't had time to implement this and would be happy to see a PR. :)
Since you provide a docker image you might consider reading the gitlab api and private token from environment variables. In terms of security it's even worse, but setup is much easier for teams.
@DailenG What do you think of prompting the user and saving the token to localStorage?
Whoop whoop! I worked the entire weekend to remake the configuration and add some features.
You can find the new release and instructions here: https://github.com/timoschwarzer/gitlab-monitor/releases/tag/1.7
I'll close this issue as the token is no longer passed as a GET parameter.
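
The change discussed in this thread, as an added example that is not part of the thread or gitlab-monitor's own code: take the token out of the URL, keep it in localStorage as suggested above, send it in GitLab's `PRIVATE-TOKEN` header, and redact it from log lines that were already written. The parameter name `token`, the storage key `gitlabToken` and all hostnames are assumptions.

```javascript
// Added example, not gitlab-monitor code.
// Assumption: the token arrives in a query parameter named "token".
const TOKEN_PARAM = 'token';        // hypothetical parameter name
const STORAGE_KEY = 'gitlabToken';  // hypothetical localStorage key

// Split a dashboard URL into a token-free URL and the token itself.
function extractToken(href) {
  const url = new URL(href);
  const token = url.searchParams.get(TOKEN_PARAM);
  url.searchParams.delete(TOKEN_PARAM);
  return { cleanUrl: url.toString(), token };
}

// Build a GitLab API request that carries the token in the PRIVATE-TOKEN
// header, so it never appears in a request line, proxy log or access log.
function buildApiRequest(apiBase, path, token) {
  if (!token) throw new Error('no API token configured');
  const base = apiBase.replace(/\/?$/, '/');            // ensure trailing slash
  const url = new URL(path.replace(/^\//, ''), base);   // resolve relative to base
  return { url: url.toString(), options: { headers: { 'PRIVATE-TOKEN': token } } };
}

// Redact tokens from access-log lines that were written before the change.
function redactLogLine(line) {
  const pattern = new RegExp(`([?&]${TOKEN_PARAM}=)[^&\\s"]+`, 'g');
  return line.replace(pattern, '$1[REDACTED]');
}

// Browser wiring: pass `window`. A token found in the URL is stored and the
// current history entry is rewritten without it. localStorage is readable by
// every script on the same origin, so this only removes the URL exposure.
function bootstrap(win) {
  const { cleanUrl, token } = extractToken(win.location.href);
  if (token) {
    win.localStorage.setItem(STORAGE_KEY, token);
    win.history.replaceState(null, '', cleanUrl);
  }
  return win.localStorage.getItem(STORAGE_KEY);
}
```
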