Open fabiolecca opened 1 year ago
You are totally right, we are planning to add some sort of security layer. I'll tag @pieroit for better response
@fabiolecca do you have a suggestion on how to improve this?
A fully fledged user and auth system is out of scope for the project, but agree we should give more security.
if I publish the widget with url and API key, I can use the api key included in the widget page to go to the /settings/ endpoint and read out the OpenAI API keys.