Whiteboard: [pending secreview] → [pending secreview][triage needed]
Assignee: nobody → amuntner
Whiteboard: [pending secreview][triage needed] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Is there documentation for the JSON request/response? One thing we're interested in making sure of is security around what gets returned and rendered in the user's browser; the API call docs would help a lot. Also, I did some searching and I'm still not certain what api.github.com is, who hosts it, and who controls it to what extent. Could someone explain? Thank you!
Once I understand those things better I'll be able to complete the triage.
Thanks for the review, Adam. The main page for the GitHub API can be found at http://developer.github.com/v3/. The documentation for the JSON request/responses used in the code can be found at http://developer.github.com/v3/orgs/#get-an-organization and http://developer.github.com/v3/repos/#get. Regarding api.github.com, it is hosted by GitHub and is described at http://developer.github.com/v3/ as: "All API access is over HTTPS, and accessed from the api.github.com domain (or through yourdomain.com/api/v3/ for enterprise). All data is sent and received as JSON." Please let me know if you have any other questions.
Risk/Priority Ranking Exercise
https://wiki.mozilla.org/Security/RiskRatings
Priority: 4 (P2) - Mozilla Initiative
Operational: 2 - Normal
User: 3 - Major
Privacy: 4 - Critical
Engineering: 1 - Minor
Reputational: 1 - Minor
Priority Score: 35
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:35:Medium]
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:35:Medium] → [pending secreview][start 2012-12-10][target 2012-12-10[score:35:Medium]
It looks safe to me. Can you loop us back in to take another look once you have it up on the site?
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start 2012-12-10][target 2012-12-10[score:35:Medium] → [secreview completed][start 2012-12-10][target 2012-12-10[score:35:Medium]
(In reply to Adam Muntner :adamm from comment #5)
> It looks safe to me. Can you loop us back in to take another look once you
> have it up on the site?
Bob, can you look into this, with an authenticated call?
5 years ago