Conversation

Freika (Owner) commented Nov 16, 2025

No description provided.

coderabbitai bot commented Nov 16, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Check warning (reported 7 times by CodeQL, once for each line of the snippet below that reads a bound from params)

Code scanning / CodeQL

Sensitive data read from GET request Medium

Route handler for GET requests uses query parameter as sensitive data.

Flagged code (the overlapping snippets of the seven alerts, merged into one):

    .where(timestamp: start_at..end_at)

    # Filter by geographic bounds if provided
    if params[:min_longitude].present? && params[:max_longitude].present? &&
       params[:min_latitude].present? && params[:max_latitude].present?
      min_lng = params[:min_longitude].to_f
      max_lng = params[:max_longitude].to_f
      min_lat = params[:min_latitude].to_f

Flagged code:

    const url = `${this.baseURL}/photos?${params}`
    console.log('[ApiClient] Fetching photos from:', url)
    console.log('[ApiClient] With headers:', this.getHeaders())

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This logs sensitive data returned by an access to apiKey as clear text.

Copilot Autofix (AI) commented about 3 hours ago

To fix the issue, logging of sensitive values, specifically the API key inside the Authorization header, should be avoided. The log statement on line 127 outputs the full headers, including the API key. The best practice is to either remove the log entirely or, if logging is still needed for debugging, to obfuscate or omit the Authorization header when logging headers. The remainder of the code should remain unchanged, and no change to the actual HTTP request is required.

The required change is as follows:

  • In app/javascript/maps_maplibre/services/api_client.js, replace the sensitive logging on line 127 with a safer alternative. Either log only non-sensitive headers, or exclude/obfuscate the authorization header if debug logging is still desired.
  • No imports or additional dependencies are required.
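The "obfuscate or omit the Authorization header" option from the autofix text, written out as an added example; this is not code from the project's api_client.js, and the header names, the redactHeaders/maskValue helpers and the sample headers are assumptions constructed for the demonstration.

```javascript
// Added example, not the project's api_client.js: log headers with the
// credential masked instead of dropping the debug line entirely.
// Assumption: headers are a plain object like the one getHeaders() returns.

// Header names whose values must never reach a log (lower-cased for lookup).
const SENSITIVE_HEADERS = new Set(['authorization', 'x-api-key', 'cookie'])

// Auth schemes whose name may stay visible; everything after it is masked.
const KNOWN_SCHEMES = new Set(['bearer', 'basic', 'token'])

function maskValue(value) {
  const text = String(value)
  const space = text.indexOf(' ')
  if (space > 0 && KNOWN_SCHEMES.has(text.slice(0, space).toLowerCase())) {
    return `${text.slice(0, space)} [REDACTED]`
  }
  return '[REDACTED]'
}

// Returns a new object that is safe to console.log; the input is not mutated,
// so the real headers can still be passed to fetch() unchanged.
function redactHeaders(headers) {
  const safe = {}
  for (const [name, value] of Object.entries(headers || {})) {
    safe[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? maskValue(value) : value
  }
  return safe
}

// Constructed sample headers; the key below is a placeholder, not a real one.
const SAMPLE_HEADERS = {
  'Content-Type': 'application/json',
  Authorization: 'Bearer placeholder-api-key',
  'X-Api-Key': 'placeholder-api-key'
}

// How the removed line could read with redaction (hypothetical call site):
// console.log('[ApiClient] With headers:', redactHeaders(this.getHeaders()))
console.log('[ApiClient] With headers:', redactHeaders(SAMPLE_HEADERS))
```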

Suggested changeset 1
app/javascript/maps_maplibre/services/api_client.js

Autofix patch

Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/app/javascript/maps_maplibre/services/api_client.js b/app/javascript/maps_maplibre/services/api_client.js
--- a/app/javascript/maps_maplibre/services/api_client.js
+++ b/app/javascript/maps_maplibre/services/api_client.js
@@ -124,7 +124,7 @@
 
     const url = `${this.baseURL}/photos?${params}`
     console.log('[ApiClient] Fetching photos from:', url)
-    console.log('[ApiClient] With headers:', this.getHeaders())
+    // Do not log sensitive Authorization headers
 
     const response = await fetch(url, {
       headers: this.getHeaders()
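Review bot: the replacement for the removed `console.log('[ApiClient] With headers:', this.getHeaders())` line is a bare comment, so the debug trace of which headers were sent is gone rather than sanitised; if that trace is still useful, log a copy with `Authorization` omitted or masked instead of dropping it. Also, `console.log('[ApiClient] Fetching photos from:', url)` on the line above is kept and prints the full `${params}` query string, so confirm nothing sensitive is passed as a query parameter there.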
EOF