mirror of
https://github.com/tinode/chat.git
synced 2025-03-14 10:05:07 +00:00
clarify what not to report as security problems
@ -2,6 +2,11 @@
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Please report a vulnerability to security@tinode.co
|
||||
Please report a vulnerability to `security@tinode.co`.
|
||||
|
||||
## What not to report
|
||||
|
||||
* Firebase initialization tokens. The Firebase tokens are really public: they must be included into client applications and consequently are not private by design.
|
||||
* Exposed `/pprof` or `/expvar`. We know they are exposed. It's intentional and harmless.
|
||||
* Exposed Prometheus metrics `/metrics`. Like above, it's intentional and harmless.
|
||||
|
||||
Please do not report Firebase initialization tokens. The Firebase tokens are really public: they must be included into client applications and consequently are not private by design.
|
||||
|
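Review bot: In the new "What not to report" list, the `/pprof`, `/expvar` and `/metrics` bullets call the exposure "intentional and harmless" without stating the scope: whether this covers only the project's own hosted instances or any deployment, and what those endpoints are expected to reveal. Profiling and metrics endpoints return runtime internals, so a one-line reason, plus a pointer to how an operator can restrict them if that is configurable, would let a reporter tell the excluded case from a real finding. Minor wording in the Firebase bullet: "included into" should be "included in", and "really public" reads better as "public by design".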