Hi again all, After talking with my manager on the latest vulnerability assessment we had done on our DH instance. The company said they were able to read secret access tokens from ther users, but it turns out it was just the metadata of the tokens. Crisis averted 😅

Hi Jonathan, This is by design, glad got it all sorted out 🙂

Yes I have been reading more documentation and I noticed that! Thank you for the verification. I am still working my way through the report, but that seemed the most severe. There are still some things I don't know much about (something with SSRF?) but I am learning!