Copilot commented on code in PR #328:
URL: https://github.com/apache/ozone-site/pull/328#discussion_r2784996978
##########
docusaurus.config.js:
##########
@@ -365,11 +372,10 @@ const config = {
darkTheme: darkCodeTheme,
additionalLanguages: ['bash'],
},
- // TODO HDDS-9566
algolia: {
- appId: "PLACEHOLDER",
- apiKey: "PLACEHOLDER",
- indexName: "PLACEHOLDER",
+ appId: "YQWKI4BIJ7",
Review Comment:
Consider adding a short inline comment near the Algolia config indicating
that the `apiKey` is intentionally a public/search-only key (and where it is
managed). This helps prevent someone from later swapping in a privileged key
and accidentally exposing it in the client bundle.
```suggestion
appId: "YQWKI4BIJ7",
// NOTE: This is an Algolia search-only/public API key, managed via
the Algolia dashboard.
```
##########
docusaurus.config.js:
##########
@@ -365,11 +372,10 @@ const config = {
darkTheme: darkCodeTheme,
additionalLanguages: ['bash'],
},
- // TODO HDDS-9566
algolia: {
- appId: "PLACEHOLDER",
- apiKey: "PLACEHOLDER",
- indexName: "PLACEHOLDER",
+ appId: "YQWKI4BIJ7",
+ apiKey: "47cd671112fb5e0363a4d9724beeb9d4",
+ indexName: "Apache Ozone website",
Review Comment:
The Algolia `apiKey` is being committed directly in the repo. In Docusaurus
this must be a *search-only/public* key (never an admin/write key). Please
confirm the key’s ACL is limited to search, scoped to only the required
index(es), and ideally restricted by allowed domains (e.g., ozone.apache.org);
otherwise rotate the key immediately and replace with a properly restricted
search key.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
