akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

fix: Prevent exposure of GotifyToken in JSON response for enhanced security

Browse Source
This commit is contained in:
GitHub Actions
2026-02-20 14:07:21 +00:00
parent 1d909afe41
commit 1e14dcd59c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/internal/services/enhanced_security_notification_service.go
View File

@@ -41,7 +41,7 @@ type CompatibilitySettings struct {
DiscordWebhookURL string `json:"discord_webhook_url,omitempty"`
SlackWebhookURL string `json:"slack_webhook_url,omitempty"`
GotifyURL string `json:"gotify_url,omitempty"`
GotifyToken string `json:"gotify_token,omitempty"`
GotifyToken string `json:"-"` // Security: Never expose token in JSON (OWASP A02)
}
// MigrationMarker represents the migration state stored in settings table.