Anyone can delete the paste

matze / wastebin

wastebin is a pastebin

MIT License

250 stars 25 forks source link

Anyone can delete the paste #14

Closed vitobotta closed 1 year ago

vitobotta commented 1 year ago

Hi, I just noticed that anyone with the link can delete the paste as there is no restriction at all. Is this intentional?

matze commented 1 year ago

Yes, because there is no authentication mechanism in place. But I could set a cookie to allow deletion only from the browser that made the paste. But I am not sure if that would then require a pesky cookie banner which I'd like to avoid if possible.

vitobotta commented 1 year ago

The cookie would work well I think

matze commented 1 year ago

I am not a lawyer but from what I can tell, purely functional cookies that require a site to function do not imply a cookie banner. So good chance I will start implementing this soon.

vitobotta commented 1 year ago

That's awesome @matze - looking forward to it :)

matze commented 1 year ago

I've pushed a branch that I will likely merge tomorrow. Works alright so far.