Skip to content

filter config.json before exposing it#1059

Merged
pStefanec merged 8 commits intodtq-devfrom
filter_exposed_config
Oct 28, 2025
Merged

filter config.json before exposing it#1059
pStefanec merged 8 commits intodtq-devfrom
filter_exposed_config

Conversation

@pStefanec
Copy link

@pStefanec pStefanec commented Oct 28, 2025

all properties not used by fronted are removed from config.json

Phases MP MM MB MR JM Total
ETA 0 0 0 0 0 0
Developing 0 0 0 0 0 0
Review 0 0 0 0 0 0
Total - - - - - 0
ETA est. 0
ETA cust. - - - - - 0

Problem description

Reported issues

Not-reported issues

Analysis

(Write here, if there is needed describe some specific problem. Erase it, when it is not needed.)

Problems

(Write here, if some unexpected problems occur during solving issues. Erase it, when it is not needed.)

@pStefanec pStefanec requested a review from Copilot October 28, 2025 09:26
@pStefanec pStefanec self-assigned this Oct 28, 2025
Copilot AI reviewed Oct 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements security hardening by filtering the configuration file before exposing it to the frontend. Instead of exposing the entire appConfig object, it creates a sanitized publicConfig that only includes properties actually needed by the frontend, reducing the attack surface and preventing unintended exposure of sensitive backend configuration details.

Key Changes:

  • Created a publicConfig object that explicitly whitelists frontend-required configuration properties
  • Replaced direct appConfig serialization with filtered publicConfig serialization
  • Added inline documentation explaining the purpose of each configuration section

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pStefanec pStefanec requested a review from Copilot October 28, 2025 09:33
Copilot AI reviewed Oct 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pStefanec pStefanec requested a review from Copilot October 28, 2025 09:46
Copilot AI reviewed Oct 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pStefanec pStefanec requested a review from Copilot October 28, 2025 09:57
Copilot AI reviewed Oct 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

pStefanec and others added 3 commits October 28, 2025 11:13
@pStefanec
Using a conditional spread
35ce442 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@pStefanec
Using a conditional spread
6d7ee07 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@pStefanec
Using a conditional spread
997b691 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@pStefanec pStefanec requested a review from Copilot October 28, 2025 10:13
Copilot AI reviewed Oct 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@milanmajchrak milanmajchrak requested a review from Copilot October 28, 2025 10:17
Copilot AI reviewed Oct 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pStefanec
missing comma
4632d71 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@pStefanec pStefanec requested a review from Copilot October 28, 2025 10:21
Copilot AI reviewed Oct 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pStefanec pStefanec requested a review from Paurikova2 October 28, 2025 10:22
@pStefanec pStefanec merged commit 1fa478b into dtq-dev Oct 28, 2025
2 of 4 checks passed
This was referenced Oct 30, 2025
Merged
Merged
@kosarko kosarko mentioned this pull request Nov 11, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Paurikova2 Paurikova2 Paurikova2 approved these changes

@milanmajchrak milanmajchrak Awaiting requested review from milanmajchrak

Assignees

@pStefanec pStefanec

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pStefanec @Paurikova2 @PavolStefanec