Open tatey opened 4 years ago
Should the ID that's returned in the submission actually be a token? That way you can't tamper with other submissions by guessing an auto incrementing ID.
Should this endpoint have additional protections against abuse? See https://github.com/CrunchyBagel/TracePrivately/issues/37.
Since 8601982 submissions are now limited to a max of 21 keys.
See https://github.com/CrunchyBagel/TracePrivately/issues/21.
Request to
/api/submit
can send through the submission ID which means the keys should be appended to the submission.