Closed fierc3 closed 1 year ago
Users can now only access data in ravendb which is also assigned to them via UploadProfile. Since this id is stored in the HTTP-only cookie, forgery can't happen.
Also had to make some logic changes which create folders on the fly.
Users can now only access data in ravendb which is also assigned to them via UploadProfile. Since this id is stored in the HTTP-only cookie, forgery can't happen.
Also had to make some logic changes which create folders on the fly.