Closed ghost closed 8 years ago
And worse, if I am on TWO different machines I can still get around authentication and get a response from the server ... access control is set to user ...
This was discussed in the blog post. You can't get around authentication by copy/pasting the URL. If you are not authenticated via the server no sensitive user data will be returned as long as you have secured your API serving up said data.
Hello,
So if you are in, say, Firefox and logged in and copy the URL, and then go to, say, Chrome and paste the URL, then it gets a response from the server. Basically going around authentication. How does one stop this correctly ...
Thanks! Evan