Contributing as a tester reporting bugs.
Not sure which repository to leave this issue in.
Description:
Potential security risk of sensitive information being exposed such as API keys.
If a user decides to log out from the API page, the tokens can be seen and copied by pressing the back button on the browser without logging back in.
Environment:
Windows 10
Chrome Version 120.0.6099.225
Preconditions:
Open the Application (https://openweathermap.org/) in Chrome Browser.
User is logged in.
Steps to reproduce:
1. Click on the Dropdown menu next to the username.
2. Select "My API keys". <Verify ER-1>
3. Click on the Dropdown menu next to the username.
4. Select "Logout" option. <Verify ER-2>
5. Click on Browser back button. <Verify ER-3>
Expected result:
1. User should see the API keys page.
2. User should be taken to the login page and a red alert message should appear displaying "You need to sign in or sign up before continuing".
3. User should not get logged in nor should sensitive information be shown.
Actual Result:
User appears to be logged in and API keys can be copied.
issue1.1.mp4
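An added example, not part of the original report or the site's code: assuming the keys shown after Back come from a copy of the page that the browser kept (the report does not establish the cause), this audits whether a sensitive page's response headers allow that. The function names, finding codes and header values are constructed for illustration.

```python
# Added example. Assumption: after logout, Back shows a copy of the API keys
# page that the browser kept; the report does not establish the cause.

def parse_cache_control(value):
    """Return the lower-cased directive names of a Cache-Control value."""
    names = set()
    for part in (value or "").split(","):
        name = part.strip().split("=", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names


def audit_sensitive_response(headers):
    """Return finding codes for a response that renders secrets (e.g. API keys)."""
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    cc = parse_cache_control(lowered.get("cache-control"))
    findings = []
    if "no-store" not in cc:
        # Without no-store the browser is allowed to keep the rendered page.
        findings.append("NO_STORE_MISSING")
        if "no-cache" in cc:
            # no-cache only demands revalidation; a copy is still stored.
            findings.append("NO_CACHE_WITHOUT_NO_STORE")
        if "public" in cc:
            # public additionally lets shared caches (proxies, CDNs) keep it.
            findings.append("SHARED_CACHE_ALLOWED")
    return findings


# Constructed sample headers, not captured from the site in the report.
WEAK = {"Content-Type": "text/html",
        "Cache-Control": "max-age=0, private, must-revalidate"}
REVALIDATE_ONLY = {"cache-control": "no-cache"}
HARDENED = {"Cache-Control": "no-store"}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK),
                          ("revalidate-only", REVALIDATE_ONLY),
                          ("hardened", HARDENED)):
        print(label, audit_sensitive_response(sample) or "ok")
```

A clean result here covers only browser-side storage; whether logout invalidates the session on the server has to be verified separately.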