synzen / MonitoRSS

MonitoRSS RSS bot (formerly known as Discord.RSS) with customizable feeds. https://monitorss.xyz
MIT License

Enable whitelist in validation pipe #372

Closed sanjacob closed 2 months ago

sanjacob commented 3 months ago

You forgot to enable whitelist, otherwise forbidNonWhitelisted won't take effect

synzen commented 2 months ago

Apologies for the late response, thanks for catching this. I think there is a chance this would cause breaking changes since it looks like it'll force contracts to be stricter. This was the original intention but I don't think enabling it at this point is worth the additional effort of finding/fixing any cases where the API starts returning non-2XX status codes

I believe a better alternative here would be to remove forbidNonWhitelisted entirely - if you could update the PR, I'll happily merge it then

sanjacob commented 2 months ago

As long as you aren't directly passing any DTOs to the DB that's okay. But if you are, you risk unwanted DB changes.
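The interaction the two comments above describe, as an added example that is not MonitoRSS code and not the class-validator implementation: a small model of the `whitelist` / `forbidNonWhitelisted` options that reproduces their documented semantics (unknown properties are only stripped when `whitelist` is on, and `forbidNonWhitelisted` is only consulted inside that whitelist step). The DTO field list and the request body are constructed for the illustration.

```typescript
// Added example: models how ValidationPipe's `whitelist` and
// `forbidNonWhitelisted` options interact. Not library code.
interface PipeOptions {
  whitelist?: boolean;
  forbidNonWhitelisted?: boolean;
}

class ValidationError extends Error {}

// `allowed` stands in for the properties declared on a DTO class.
function validateBody(
  allowed: readonly string[],
  body: Record<string, unknown>,
  opts: PipeOptions,
): Record<string, unknown> {
  const out: Record<string, unknown> = { ...body };
  if (opts.whitelist) {
    for (const key of Object.keys(out)) {
      if (!allowed.includes(key)) {
        // forbidNonWhitelisted is only reached from inside the whitelist
        // branch, which is why it has no effect when whitelist is false.
        if (opts.forbidNonWhitelisted) {
          throw new ValidationError(`property ${key} should not exist`);
        }
        delete out[key];
      }
    }
  }
  return out;
}

// Constructed DTO shape (hypothetical) and a request carrying an
// undeclared property that a client added on its own.
const FEED_DTO_FIELDS = ['title', 'url'] as const;
const REQUEST_BODY: Record<string, unknown> = {
  title: 'news',
  url: 'https://example.com/rss',
  unexpectedField: true,
};

// Which keys would reach a repository that spreads the validated DTO
// straight into a DB write; an empty list means the request was rejected.
function fieldsReachingDb(opts: PipeOptions): string[] {
  try {
    return Object.keys(validateBody(FEED_DTO_FIELDS, REQUEST_BODY, opts));
  } catch (e) {
    if (e instanceof ValidationError) return [];
    throw e;
  }
}
```

With only `forbidNonWhitelisted` set, the undeclared property passes through untouched; with `whitelist` alone it is silently dropped, and with both the request is rejected.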