cloudflare / cloudflare-plugin-frontend
A React/Redux front-end for Cloudflare's WordPress, Magento2, and cPanel plugins.
Home Page: https://cloudflare.com
Use something like https://github.com/depcheck/depcheck
v4 Login
https://github.com/cloudflare/cloudflare-plugin-frontend/blob/master/src/actions/user.js#L73
https://github.com/cloudflare/cloudflare-plugin-frontend/blob/master/src/utils/PluginAPI/PluginAPI.js#L29
Host API Create
https://github.com/cloudflare/cloudflare-plugin-frontend/blob/master/src/actions/user.js#L111
https://github.com/cloudflare/cloudflare-plugin-frontend/blob/master/src/utils/CFHostAPI/CFHostAPI.js#L62
I've checked purge cache by url and we do trim in that case. I don't recall any other input which would need trimming
It makes more sense to add it to frontend since we'll have this problem in all plugins.
We have multiple sites under the same CF account and we would like to use API Tokens to authenticate the WordPress plugin to prevent a breach in one website from potentially causing drama in other ones.
When we restrict the token to only the zone of the website, the plugin GUI stops working with a "Forbidden" error in the bottom red bar. This defies the benefit of using API Tokens because the API Token for one website can edit any zone in the Cloudflare account.
Steps to recreate:
Upon further investigation, the request that fails is triggered by this function that tries to fetch all the zones in the connected account:
I tried to do the request manually with the restricted token and the response is:
{
  "success": false,
  "errors": [
    {
      "code": 0,
      "message": "Actor 'com.cloudflare.api.token...' requires permission 'com.cloudflare.api.account.zone.list' to list zones"
    }
  ],
  "messages": [],
  "result": null
}
So if we set an API token to only access one zone, it will not have the ability to get the list of available zones. I've not been able to grant that permission manually.
Can the error be caught and the package provide a way to enter the zoneID manually?
This issue has been previously opened in the wordpress-plugin repository:
cloudflare/Cloudflare-WordPress#255
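One way a front-end could handle the denial quoted in the report above, shown as an added example that is not code from cloudflare-plugin-frontend: recognise the missing zone-list permission, then fall back to a validated, user-supplied zone ID instead of failing with "Forbidden". The helper names and the 32-hex-character zone ID format are assumptions; the permission string and the error envelope come from the report.

```javascript
// Added example: not code from cloudflare-plugin-frontend.
// Permission name taken from the error message quoted in the report above.
const ZONE_LIST_PERMISSION = 'com.cloudflare.api.account.zone.list';

// Constructed sample: the denial envelope from the report, as a JS object.
const SAMPLE_DENIED = {
  success: false,
  errors: [{
    code: 0,
    message: "Actor 'com.cloudflare.api.token...' requires permission " +
      "'com.cloudflare.api.account.zone.list' to list zones",
  }],
  messages: [],
  result: null,
};

// True only for a failed envelope whose error names the zone-list permission.
function isZoneListDenied(body) {
  if (!body || body.success !== false || !Array.isArray(body.errors)) return false;
  return body.errors.some(
    (e) => e && typeof e.message === 'string' && e.message.includes(ZONE_LIST_PERMISSION)
  );
}

// Assumption: a zone ID is 32 hex characters. Trim pasted whitespace and
// reject anything else so user input never reaches a request path unchecked.
function normalizeZoneId(input) {
  const id = String(input == null ? '' : input).trim().toLowerCase();
  return /^[0-9a-f]{32}$/.test(id) ? id : null;
}

// Hypothetical decision helper: given the zone-list response and an optional
// user-entered zone ID, say what the UI should do next.
function planZoneLookup(listResponse, manualZoneId) {
  if (listResponse && listResponse.success === true && Array.isArray(listResponse.result)) {
    return { action: 'use-list', zones: listResponse.result };
  }
  if (!isZoneListDenied(listResponse)) {
    // Any other failure (bad token, unrelated error) is surfaced, not masked.
    return { action: 'fail', reason: 'zone list failed for another reason' };
  }
  const zoneId = normalizeZoneId(manualZoneId);
  return zoneId
    ? { action: 'fetch-single-zone', zoneId }
    : { action: 'ask-for-zone-id' };
}
```

Keeping the fallback limited to this one denial means a revoked or mistyped token still produces a visible error rather than a prompt for a zone ID.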
The input field for API key on the login screen uses a regular text type, instead of password.
This dramatically increases the amount of places an API key is exposed.
For example browsers will show the full key as a form suggestion (image is with a revoked key).
I don't see a reason to not use a password type field here.