Closed julianrubisch closed 4 years ago
julianrubisch
commented
4 years ago @leastbad @hopsoft I'm unsure about this one, would you give me the pleasure and chime in? Do you think this is necessary? I.e., is it necessary to authenticate the channel or is it safe for multi-user use?
leastbad
commented
4 years ago I think the simplest answer is that you should 100% absolutely copy Nate's stream_name method from SR verbatim.
While the nature of Futurism is arguably harmless eg. if someone has an sgid in their DOM that suddenly gets loaded, it's probably not a harm. However, it doesn't make sense to me that everyone should be receiving everyone's updates, regardless.
julianrubisch
commented
4 years ago yeah I was just stumped because you don't do it in optimism...
leastbad
commented
4 years ago I'm not sure that's actually true:
https://optimism.leastbad.com/authentication
Optimism is based on stream_for instead of stream_from.
julianrubisch
commented
4 years ago Ah! I see. Of course
see https://github.com/hopsoft/stimulus_reflex/blob/7c80cc8adac55af5413a0bc8379ab251aeae5b0e/lib/stimulus_reflex/channel.rb#L4