Knack Pages takes 30s to load a specific script and that script is leaking data

I’m having an issue trying to access my sites, where a specific script takes over 30s to load.

Chrome debug tools show the script request URL looks like this:<app_id>?callback=jQuery<Random_Numbers>&_=<Some_More_Numbers>

I try to check what the URL<app_id> do, I found out that it display a lot of information about my knack site, publicly available.

Hi @Ruben,

If you haven’t already, please reach out to the support team for assistance with this issue, and they will be happy to help! You can reach out to them via this form: Create Support Ticket

Thank you @Les

I have created a ticket already and the issue with the slowdown has been fixed. However I am still waiting for more info on the issue with leaked information on a publicly accessible address.

Hi @Les

Do you know how I can escalate a ticket which has not received any response for 2 months?

Sorry to hear you haven’t received a response for 2 months- that’s never our intention to leave our customers hanging like that. Do you happen to have the ticket number? I’m currently searching for your ticket now by your email address from the forum, but if you have the direct ticket number, that would help a lot. I can forward the ticket to my team and make sure you get a response ASAP.

This is expected behavior. What you are seeing is your app’s schema, that defines all the pages, views, tables, fields, etc. for your app. The more complex your app is, the bigger this schema gets, and the longer it can take to load.

Record data is not exposed publicly in this way, unless you use your app’s API Key in the Custom JavaScript section or pages/views that are not protected by a login.

1 Like

I believe I have found your ticket from Feb. 26th without a reply. I will be sharing this with the team. Thank you for letting me know!

Here is the ticket number 2368583076

1 Like

Hi @hmnd

It also includes all definition of actions, email templates, from_email, our technical contact info, billing contact email, etc. This is available whether or not user have access to those pages/views even in incognito mode.

Hi @Ruben,

I understand your concern. Some customers utilize the availability of this information for their benefit, but there are plans on the Knack roadmap to change how this works. We don’t have a concrete release date as of yet for this, however, we will be sure to post about this change in our release notes.