/api/config exposing information #3104
Replies: 1 comment 4 replies
-
|
That is used on the frontend to ensure the conversation state applies correctly. Doing it like this allows mixing of endpoints/modelSpecs mid-conversation |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @danny-avila , appreciate the quick response. Looks like no way around if it's front-end use. it's been flagged after security audit as the system instruction (in promptprefix) is visible to user. Wondering if there are other way to provide these instructions without clients seeing it. |
Beta Was this translation helpful? Give feedback.
-
|
I understand the sensitivity to exposing the prompts, let me think about how to address this and I will get around to it this week |
Beta Was this translation helpful? Give feedback.
-
|
Thank you @danny-avila . I'll watch this page. |
Beta Was this translation helpful? Give feedback.
-
|
Yes that indeed is a security issue. About exposing promts. If you have modelSpecs enabled the promts you have used can also be viewed if you do not deactivate the other endpoints and click on configure icon on the right side of the model... Would be nice if modelSpecs are excluded to be viewed like this. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
the path for example https://test.com/api/config is exposing info to clients including such as promptprefix instruction (looks like taken from modelSpecs. How do we hide so these info are not exposed.
Thanks
Beta Was this translation helpful? Give feedback.
All reactions