mrdoob / glsl-sandbox

Shader editor and gallery.
https://glslsandbox.com/
MIT License
1.54k stars 260 forks

⚠️ Unprotected route #82

Open oSumAtrIX opened 1 year ago

oSumAtrIX commented 1 year ago

Affected route is not authorized and is actively being exploited:

https://github.com/mrdoob/glsl-sandbox/blob/master/server/server.go#L166

Solution

Add auth middleware to said route.

jfontan commented 1 year ago

Thank you for the heads-up.

Hi, that route is unprotected as users cannot log in. I'm not sure how to stop this. Anyway, I cleaned up all these effects.

oSumAtrIX commented 1 year ago

The only way I can imagine is to burden attackers via captcha if you need this route to be public.

jfontan commented 1 year ago

I'll think about what options we can add to stop these automated submissions. Thanks for the idea.
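Since the site has no user login, one option for the thread's "stop these automated submissions" question is to gate the route with per-source-host rate limiting in the Go server rather than with authentication. The following is an added illustration and not code from glsl-sandbox; the `/save` path, the limit of 5 per minute and the `submissionLimiter` type are assumptions for the example.

```go
package main

import (
	"net"
	"net/http"
	"sync"
	"time"
)

// submissionLimiter allows at most limit requests per window for each client key.
// Zero value is ready to use; stale keys are never evicted (add cleanup in production).
type submissionLimiter struct {
	mu     sync.Mutex
	limit  int
	window time.Duration
	starts map[string]time.Time // when each key's current window opened
	counts map[string]int       // requests seen in that window
}

// allow reports whether one more request from key fits in its current window.
func (l *submissionLimiter) allow(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	if l.starts == nil {
		l.starts, l.counts = map[string]time.Time{}, map[string]int{}
	}
	if start, ok := l.starts[key]; !ok || time.Since(start) >= l.window {
		l.starts[key], l.counts[key] = time.Now(), 0 // open a fresh window
	}
	l.counts[key]++
	return l.counts[key] <= l.limit
}

// Middleware keys the limiter by source host (net/http sets RemoteAddr to host:port;
// the port is stripped so a client rotating ports shares one bucket) and answers 429.
func (l *submissionLimiter) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if host, _, _ := net.SplitHostPort(r.RemoteAddr); !l.allow(host) {
			http.Error(w, "too many submissions", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // "/save" is a placeholder for the unprotected submission route
	http.Handle("/save", (&submissionLimiter{limit: 5, window: time.Minute}).Middleware(
		http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("saved\n")) })))
	panic(http.ListenAndServe(":8080", nil))
}
```

Behind a reverse proxy, RemoteAddr is the proxy's address, so the key would have to come from a trusted forwarding header instead.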