Closed kojoty closed 2 years ago
@rapotek No, I think there is no need to validate presence of reactivation rules on server side. I think react.rule is some kind of convention. I even leave the solution to select "custom" rules and leave the textfield blank - it also can be selected - but I think this is a decision of the user to intentionally skip reactivation rules. If someone decide to modify the request to send form without reactivation rules I think it is something what should not be prevented.
And yes, no rules are selected by default because user should decide once for each geocache how to deal with reactivations.
@rapotek No, I think there is no need to validate presence of reactivation rules on server side. I think react.rule is some kind of convention. I even leave the solution to select "custom" rules and leave the textfield blank - it also can be selected - but I think this is a decision of the user to intentionally skip reactivation rules. If someone decide to modify the request to send form without reactivation rules I think it is something what should not be prevented.
I always thought client-side verification is a convenience, server-side one is security, but... as you wish.
Rapotek,
I fully agree generally - that's obvious - but I think reactivation rules selection is only a strong suggestion for user not an obligation so that's why there is no need to validate it this way
On Tue, Oct 19, 2021 at 8:41 AM rapotek @.***> wrote:
@rapotek https://github.com/rapotek No, I think there is no need to validate presence of reactivation rules on server side. I think react.rule is some kind of convention. I even leave the solution to select "custom" rules and leave the textfield blank - it also can be selected - but I think this is a decision of the user to intentionally skip reactivation rules. If someone decide to modify the request to send form without reactivation rules I think it is something what should not be prevented.
I always thought client-side verification is a convenience, server-side one is security, but... as you wish.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/opencaching/opencaching-pl/pull/2303#issuecomment-946411255, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAWTAKCWSQI3LGQBTPEEMXLUHUHIPANCNFSM5GCX5TBQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
@kojoty I haven't got time to test it before, but I am doing it now and there is a thing. Correct me if I am wrong, but a verification if any of reactivation rule is selected is done on a client side only. I think, when there is a requirement to select one of available options, it should be verified on a server side, too. And one more thing: no reactivation rule is selected by default and the user creating a cache has to manually select one every time. I suppose it is made on purpose in this way and has been discussed with Polish OcTeam? Or not?