Closed xarantolus closed 6 years ago
Right now, any client can connect to the server to receive events. This should be restricted to people who have an api token or the right cookie.
How to reproduce: register events and enter io.connect() in your browser console
io.connect()
Right now, any client can connect to the server to receive events. This should be restricted to people who have an api token or the right cookie.
How to reproduce: register events and enter
io.connect()
in your browser console