LiveChat config endpoint sends customFields #16354

Closed
wreiske opened this issue Jan 8, 2020 · 5 comments · Fixed by #17640
Labels
stat: triaged Issue reviewed and properly tagged type: improvement

@wreiske
Contributor

wreiske commented Jan 8, 2020

The /api/v1/livechat/config endpoint leaks custom fields. These may contain private, identifiable information about an agent.

Please remove the custom fields object from the livechat config endpoint, or make it configurable and OFF by default.

@renatobecker renatobecker self-assigned this Jan 28, 2020
@renatobecker renatobecker transferred this issue from RocketChat/Rocket.Chat.Livechat Jan 28, 2020
@renatobecker renatobecker added this to the 3.0.0 milestone Jan 28, 2020
@renatobecker
Contributor

@wreiske Here we will do the same action that we did in the CRM integration.
Please, take a look at #16286

@ashwaniYDV
Contributor

ashwaniYDV commented Mar 18, 2020

@wreiske I'm not able to reproduce this issue. Can you please help?
I've added custom fields here http://localhost:3000/livechat-manager/customfields.
Now when I called the API through Postman /api/v1/livechat/config, there was no customFields property.

@wreiske
Contributor Author

wreiske commented Mar 18, 2020

The custom fields are not the livechat custom fields, they are custom fields on normal users in Rocket.Chat. You'll have to add the custom fields from the admin, not the livechat settings.

For example, a normal user may have custom fields such as "Home Phone" or "Personal Email" or something. Those fields are what shows in the livechat config, leaking the agent's information.
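
The change requested in this issue, sketched as an added example (not Rocket.Chat code and not written by anyone in this thread): the agent object is built from an allow-list so user custom fields stay out unless an operator names them, and a recursive check reports any `customFields` key left in a response. The `{ config: { agent } }` response shape, the allow-listed field names and the function names are assumptions.

```javascript
// Added illustration, not Rocket.Chat source. Field names other than
// customFields, and the response shape, are assumptions for this sketch.
const PUBLIC_AGENT_FIELDS = ['_id', 'name', 'username', 'status'];

// Build the agent object for an unauthenticated config response from an
// allow-list. Custom fields are omitted unless an operator names them
// (the "configurable and OFF by default" option from the report).
function toPublicAgent(user, exposedCustomFields = []) {
  const agent = {};
  for (const key of PUBLIC_AGENT_FIELDS) {
    if (user[key] !== undefined) agent[key] = user[key];
  }
  const source = user.customFields || {};
  const exposed = {};
  for (const name of exposedCustomFields) {
    if (Object.prototype.hasOwnProperty.call(source, name)) {
      exposed[name] = source[name];
    }
  }
  if (Object.keys(exposed).length > 0) agent.customFields = exposed;
  return agent;
}

// Regression check: walk a response body and return the path of every
// customFields key, so a test can fail if one reappears.
function findCustomFieldPaths(value, path = '$') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = Array.isArray(value) ? `${path}[${key}]` : `${path}.${key}`;
    if (key === 'customFields') hits.push(here);
    hits.push(...findCustomFieldPaths(child, here));
  }
  return hits;
}

// Constructed sample user record (not real data).
const sampleUser = {
  _id: 'u1', name: 'Agent One', username: 'agent.one', status: 'online',
  emails: [{ address: 'agent.one@example.com' }],
  customFields: { 'Home Phone': '555-0100', 'Personal Email': 'one@example.net', Department: 'Support' },
};

const leaky = { config: { agent: sampleUser } };
const fixed = { config: { agent: toPublicAgent(sampleUser) } };
console.log(findCustomFieldPaths(leaky)); // [ '$.config.agent.customFields' ]
console.log(findCustomFieldPaths(fixed)); // []
```
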

@engelgabriel engelgabriel modified the milestones: 3.1.0, 3.2.0 Apr 20, 2020
@engelgabriel engelgabriel modified the milestones: 3.2.0, 3.3.0 May 10, 2020
@engelgabriel
Member

@renatobecker any updates on this one?

@renatobecker
Contributor

renatobecker commented May 10, 2020

> @renatobecker any updates on this one?

@engelgabriel I'll work on this issue and I'll make sure that we'll fix it on the next release: 3.3.
Thanks for bringing it up.
