LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
This is important because it prevents IDORs due to the Confused Deputy problem instead of us relying on properly querying for if the user is authorized every time. It's possible to set the X-Hasura-Real-User-Id header or we can forward the user's JWT directly.
This is important because it prevents IDORs due to the Confused Deputy problem instead of us relying on properly querying for if the user is authorized every time. It's possible to set the
X-Hasura-Real-User-Id
header or we can forward the user's JWT directly.For example:
That can become:
And it will still function the same.