Open victorgutemberg opened 5 years ago
In constants/GraphQL.js the server access key is exposed. Since the app can be unassembled, the secret could be read and used to access all the data.
After the backend authentication is done, the server access key can be removed and the user access token is used instead.