From 71ed0844b9a8d32875c1bdacba03147b803afc9d Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Wed, 12 Feb 2020 21:12:14 -0800
Subject: [PATCH] fix: Pass github authorization via header instead of query
 string

---
 server/routes.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/server/routes.js b/server/routes.js
index 2d882cb5d..7dcc9aa24 100644
--- a/server/routes.js
+++ b/server/routes.js
@@ -58,8 +58,12 @@ router.get('/developers', ctx => renderpage(ctx, <Developers />));
 router.get('/developers/api', ctx => renderpage(ctx, <Api />));
 router.get('/changelog', async ctx => {
   const data = await fetch(
-    `https://api.github.com/repos/outline/outline/releases?access_token=${process
-      .env.GITHUB_ACCESS_TOKEN || ''}`
+    `https://api.github.com/repos/outline/outline/releases`,
+    {
+      headers: {
+        Authorization: `token ${process.env.GITHUB_ACCESS_TOKEN || ''}`,
+      },
+    }
   );
   const releases = await data.json();
   return renderpage(ctx, <Changelog releases={releases} />);