Kenneth Sinder fcb19b8926 fix: prevent auth tokens from being logged in cleartext (#223)
* fix: prevent sensitive auth tokens from being logged in cleartext

- start-server.ts: Remove auto-generation of auth tokens that were
  logged in cleartext. Now requires explicit --auth-token or AUTH_TOKEN
  env var (or --disable-auth) for HTTP transport.
- http-client.ts: Remove response data from error logs to prevent
  potential sensitive data exposure.
- proxy.ts: Log only error messages and status codes instead of full
  error objects, which could contain request headers with auth tokens.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: write auto-generated auth token to file, add Notion integration link

Instead of logging the auto-generated HTTP auth token in cleartext,
write it to a temp file with restricted permissions (0600). Also
resolve the bot ID via /v1/users/me and log a direct link to the
Notion integration settings page where users can manage their token.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-04 14:42:30 -08:00