From 72f0e3fd81d23dc4945b5c742744e6627b234f44 Mon Sep 17 00:00:00 2001
From: Equim <sayaka@ekyu.moe>
Date: Mon, 22 Jan 2018 06:39:30 +0800
Subject: [PATCH] http: render: never expose ReCaptchaSecret to public

---
 http/http.go | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/http/http.go b/http/http.go
index f674b312..c40435c5 100644
--- a/http/http.go
+++ b/http/http.go
@@ -223,13 +223,12 @@ func renderFile(c *fm.Context, w http.ResponseWriter, file string) (int, error)
 	w.Header().Set("Content-Type", contentType+"; charset=utf-8")
 
 	data := map[string]interface{}{
-		"BaseURL":         c.RootURL(),
-		"NoAuth":          c.NoAuth,
-		"Version":         fm.Version,
-		"CSS":             template.CSS(c.CSS),
-		"ReCaptcha":       c.ReCaptchaKey != "" && c.ReCaptchaSecret != "",
-		"ReCaptchaKey":    c.ReCaptchaKey,
-		"ReCaptchaSecret": c.ReCaptchaSecret,
+		"BaseURL":      c.RootURL(),
+		"NoAuth":       c.NoAuth,
+		"Version":      fm.Version,
+		"CSS":          template.CSS(c.CSS),
+		"ReCaptcha":    c.ReCaptchaKey != "" && c.ReCaptchaSecret != "",
+		"ReCaptchaKey": c.ReCaptchaKey,
 	}
 
 	if c.StaticGen != nil {