Closed julianrubisch closed 4 years ago
@leastbad @hopsoft I'm unsure about this one, would you give me the pleasure and chime in? Do you think this is necessary? I.e., is it necessary to authenticate the channel or is it safe for multi-user use?
I think the simplest answer is that you should 100% absolutely copy Nate's stream_name
method from SR verbatim.
While the nature of Futurism is arguably harmless eg. if someone has an sgid in their DOM that suddenly gets loaded, it's probably not a harm. However, it doesn't make sense to me that everyone should be receiving everyone's updates, regardless.
yeah I was just stumped because you don't do it in optimism...
I'm not sure that's actually true:
https://optimism.leastbad.com/authentication
Optimism is based on stream_for
instead of stream_from
.
Ah! I see. Of course
see https://github.com/hopsoft/stimulus_reflex/blob/7c80cc8adac55af5413a0bc8379ab251aeae5b0e/lib/stimulus_reflex/channel.rb#L4