This repository has been archived by the owner on Feb 17, 2024. It is now read-only.
The endpoint for downloading answers should have a better protection than just checking the UUID of the Session Entity. In future versions that identifier is planned to be used with the URLs instead of the serial identifier, making that available to all the participants with the URL to the session page.
The best approach would be to check for the update permission on the entity itself, but that would limit it to only be available to the authenticated users.
Another approach would be to generate some unique token and allow that to be used instead. Ideally, the token would be short-lived and/or not part of the URL. Potentially passed as a header of the HTTP request.
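A sketch of the token approach described in this issue, added here as an illustration and not taken from the project's code: a short-lived HMAC token bound to the session UUID and read from a request header, so knowing the UUID from the page URL is not enough to download answers. The header name `X-Download-Token`, the 300-second lifetime, the function names and the plain-dict `headers` argument are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side secret that is never sent to participants.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_HEADER = "X-Download-Token"  # hypothetical header name
DEFAULT_TTL = 300                  # token lifetime in seconds (assumed)


def _sign(session_uuid, expires, key):
    # The MAC covers both the session UUID and the expiry, so a token cannot
    # be replayed against another session or have its lifetime extended.
    msg = f"{session_uuid}|{expires}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def issue_token(session_uuid, now=None, ttl=DEFAULT_TTL, key=SERVER_KEY):
    """Mint a token; call this only after the caller's permission check."""
    expires = int(time.time() if now is None else now) + ttl
    return f"{expires}.{_sign(session_uuid, expires, key)}"


def authorize_download(session_uuid, headers, now=None, key=SERVER_KEY):
    """Return True only for an unexpired token minted for this session."""
    token = headers.get(TOKEN_HEADER, "")
    expires_str, sep, mac = token.partition(".")
    if not sep or not (expires_str.isascii() and expires_str.isdigit()):
        return False  # missing or malformed token
    expires = int(expires_str)
    expected = _sign(session_uuid, expires, key)
    # Constant-time comparison avoids leaking the MAC through timing.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # wrong session, altered expiry, or forged token
    return int(time.time() if now is None else now) < expires
```

Because the token travels in a header rather than the query string, it stays out of shared links, browser history and most access logs.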