Apply review feedback

Michael B. Gale
2025-09-24 15:50:19 +01:00
parent d43f46c39c
commit 4e820a4ca4
9 changed files with 28 additions and 33 deletions


@@ -567,11 +567,9 @@ export const downloadCodeQL = async function (
const headers: OutgoingHttpHeaders = {
accept: "application/octet-stream",
};
// We only want to provide an authorization header if we are downloading
// from the same GitHub instance the Action is running on.
// This avoids leaking Enterprise tokens to dotcom.
// We also don't want to send an authorization header if there's already a token provided in the URL.
let authorization: string | undefined = undefined;
// We don't want to send an authorization header if there's already a token provided in the URL.
if (searchParams.has("token")) {
logger.debug("CodeQL tools URL contains an authorization token.");
} else {