Closed Floriferous closed 4 years ago
I recommend to run away from global exposures, they are deprecated as they are a pain to secure.
I disagree, they are a total game changer for us on the frontend.
They're one of the most productive features for us in our back office application where security rules are very simple: If you work in our company, you can access the entire DB, otherwise you can not use global queries.
Building new front-end features is made extremely easy, as you can simply query whatever you want, and we know it'll not be abused as we know our users personally!
When using global exposures, and passing a function as the body param, it throws because of missing validation. Maybe I misunderstood the docs, but I believe I should be able to do this.
Is global exposure tested properly? Because there's a lot of talk about security, but if this
body(userId) {}
function isn't tested anywhere that might be a big issue!