EyuCoder / chatgpt-pro

ChatGPT-Pro is an advanced application that combines the power of ChatGPT and DALL.E.
https://chatgpt.eyucoder.com
Apache License 2.0
458 stars 212 forks

Security Risks #26

Closed killinsun closed 1 year ago

killinsun commented 1 year ago

Hello! I found a tiny issue. If I look at the code, it looks like the clone has SSO with Google, but we can send HTTP requests to the backend directly without authentication.

It gives rise to excessive use of APIs and bypasses the rate limit middleware.

wdyt?

EyuCoder commented 1 year ago

yeah, if you have the link to the server you can make direct requests to it because the auth is just on the client side and the session is not stored in a DB, only in the client's browser

killinsun commented 1 year ago

Gotcha. Thanks.