RebelOfDeath
commented
1 week ago with Sessions as they can be followed in #8 a certain level of verification is achieved, however, in 7e3c41a4ee82e92322b2fc28b8609106ed349363 a basic version of IP blacklisting was introduced to combat the possibility of malicious intent.
Currently the APIs are exposed to the world; we want only requests from authorised sources (i.e. the plugins themselves) to be able to use them.
I don't know how you can securely authenticate on an open-source project, but there must be a way. We need to look into this.