awslabs / aws-mobile-appsync-sdk-js

JavaScript library files for Offline, Sync, Sigv4. Includes support for React Native
Apache License 2.0
919 stars 266 forks

feat(aws-appsync): Remove storeCacheRootMutation flag #656

Closed: wlee221 closed 3 years ago

wlee221 commented 3 years ago

Issue #, if available:

Description of changes: Removes storeCacheRootMutation for security reasons outlined here. The library is secure as this flag defaults to false and calls this.data.delete('ROOT_MUTATION') here: https://github.com/awslabs/aws-mobile-appsync-sdk-js/blob/fc173bfe3ce262b1dba422021fc57097c4926b7b/packages/aws-appsync/src/cache/offline-cache.ts#L95-L97

While this flag defaults to false, we're removing this flag in case a user changes this flag and spawns vulnerabilities.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

wlee221 commented 3 years ago

Found a few more places where storeCacheRootMutation is used. I removed all of them now, and confirmed that yarn prepare && yarn build passes.