Hello! I found a tiny issue.
If I look at the code, it looks like the clone has SSO with Google, but we can send HTTP requests to the backend directly without authentication.
It gives rise to excessive use of APIs and bypasses the rate limit middleware.
wdyt?
Yeah, if you have the link to the server you can make direct requests to it, because the auth is just on the client side and the session is not stored in a DB, only in the client's browser.
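Added example, not part of the thread or the project's code: one way to close the gap described above is to have the backend verify a server-signed session token on every request, ahead of the rate limiter. It assumes an Express-style `(req, res, next)` middleware chain and that the server itself validates the Google sign-in before calling `issueSession`; the function names, the token format and the `SESSION_SECRET` variable are hypothetical.

```javascript
const crypto = require("node:crypto");

// Assumption: a server-only secret. The fallback is a constructed demo value.
const SECRET = process.env.SESSION_SECRET || "constructed-demo-secret";

const sign = (payload) =>
  crypto.createHmac("sha256", SECRET).update(payload).digest("base64url");

// Called by the server only after it has validated the Google sign-in itself.
function issueSession(userId, ttlSeconds, now = Date.now()) {
  const payload = Buffer.from(
    JSON.stringify({ sub: userId, exp: now + ttlSeconds * 1000 })
  ).toString("base64url");
  return `${payload}.${sign(payload)}`;
}

// Returns the user id for a valid, unexpired token, otherwise null.
function verifySession(token, now = Date.now()) {
  if (typeof token !== "string") return null;
  const [payload, mac, extra] = token.split(".");
  if (!payload || !mac || extra !== undefined) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const { sub, exp } = JSON.parse(Buffer.from(payload, "base64url").toString());
    return typeof sub === "string" && typeof exp === "number" && exp > now ? sub : null;
  } catch {
    return null;
  }
}

// Express-style middleware: register it before the rate limiter and API routes.
function requireSession(req, res, next) {
  const header = (req.headers && req.headers.authorization) || "";
  const user = verifySession(header.startsWith("Bearer ") ? header.slice(7) : null);
  if (!user) {
    res.statusCode = 401;
    return res.end("unauthenticated");
  }
  req.userId = user; // the rate limiter can key on this verified identity
  next();
}
```

Because the check runs on the server, a request sent straight to the backend without a valid token gets a 401 before it reaches any API handler.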