Here I was trying to add a feature to comment on the issue directly from the blog page, this works but has few security concerns as follows:

In _config.yml you see the following:

# recommended that you DON'T set anything to firebase right now, this is unstable
# disabling firebase also means you should set `isGithubAuth` to false.
# If you still want to test it(it works), then use your firebase credentials
firebaseConfig:
    apiKey: AIzaSyAZSJ1d1Sr9MnTK-__3D8SrwXjjQf6EML4
    authDomain: myblog-2b0ba.firebaseapp.com
    projectId: myblog-2b0ba

This is because of two reasons:

  • When using the JavaScript SDK, Firebase api keys have to be public. I don't know how safe is that.
  • Even if you use firebase(it works nicely) but the github scope that is required to comment on github issue is repo which grants private repo read/write access. I don't want this scope, I just want something with which I can comment on other github issues, but there is no other scope that enables that.

So these are the security issues with that. Let me know if you have any suggestion/solution.