Comments (2)
hanneskuettner
commented on June 17, 2024
You are indeed correct, all of the flow steps are redacted before being added to the revisions, by replacing all values found in the FLOWS_ENV_ALLOW_LIST environment variables (values) with their redacted counterparts, that would lead to this problem. So in your case I would presume that your COMETCHAT_REGION happens to be us and you're exposing that to your flows (which is a totally valid use case).
I wonder if this is a valid use case / request for some FLOWS_ENV_DONT_REDACT configuration?
I don't think this is easily fixable in the frontend, since we have the string --redacted:WHATEVER_ENV-- but don't know anything about the original.
To fix your problem, you can change your "Read organization user" operation key to something that does not contain "us" and you should be fine!
I'm gonna leave this open, as I can see some problems arising with this redaction if the value is something like a.
from directus.
franklaboris
commented on June 17, 2024
Thanks for your response.
FLOWS_ENV_DONT_REDACT would be a great addition
I'm wondering what's the use case for redacting the operation key. What is a possible security concern?
from directus.
Related Issues (20)
- [SDK] Custom Storage configuration sometimes causes errors
- Permission inconsitency HOT 1
- Permissions error when using pg_restore HOT 5
- Environment variables: AUTH_<PROVIDER>_FIRST_NAME_KEY and AUTH_<PROVIDER>_LAST_NAME_KEY do not work HOT 2
- ERRNO 1 : SQLITE error when trying to crop or edit an image. HOT 1
- ROUTE_NOT_FOUND - Verify a Registration HOT 4
- Cannot load extension bundle on windows after updating Directus from 10.8.3 to 10.11.1 HOT 2
- Implement `meta` support in the SDK
- TypeError : Invalid URL, when loading directus bundle extension in directus version 10.11.2 on windows HOT 5
- Setting a preset for all users isn't working properly.
- Upload file via API returns 204 and empty body
- M2M uses wrong relation if two M2M relations use the same junction table
- Unable to Promote Version HOT 2
- Showing a nice structured JSON in "Log to Console" Logs HOT 1
- Throw errors when present from sdk
- How to create or delete user by only admin approval HOT 1
- why I am use .with(staticToken('staticToken')) tip Invalid user credentials HOT 3
- Manual sorting in M2M interface table layout is not obvious HOT 2
- Graphql errors getting swallowed by the SDK
- Applying a schema does not seem to invalidate the schema cache HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from directus.