In anonymized view-only link, GitHub information is not anonymized #10717
Comments
|
This appears to be a significant issue with using GitHub for OSF. I'm adding a comment here to highlight this concern. @umhan35, it seems that the issue with accessing your OSF view-only repository has been resolved. Was this fixed, or is it working correctly for you now? |
|
@follhim I just reproduced this issue with the view-only link in the description, so it is not fixed. |
|
@umhan35 I see, and to be specific, it's not that the link can be opened (I cannot open the repository on github), but even when it says Not found error 404, it shows essentially the repository by looking at the website address: https://github.com/umhan35/weka-dt/tree/main when ideally, the link shouldn't be accessible at all. Right? |
Right. Because the GitHub username/profile reveals the identity of the OSF contributors. (BTW, I think the branch list should also be hidden in a view-only link) |
What you did (step by step)
Where does this happen on the OSF?
Anonymized view-only homepage of a project, e.g., https://osf.io/ga9w8/?view_only=3ec356c101944ec092c6badfbb0fb593
What you expected
The open button should not appear for people to go to the GitHub link
What actually happened
One can click the open button and find out information about the contributors of the OSF repo
Potential causes
Related code that may have caused this:
osf.io/addons/github/static/githubFangornConfig.js
Lines 283 to 291 in 3920a29
Suggest a solution
Similar to the hidden GitHub repo (username/repo-name) in a view-only link, as seen below, the Open button should also be hidden.
Final words
I think the branch list should also be hidden in a view-only link
The text was updated successfully, but these errors were encountered: