Is there some whitelist to config? if not, someone can use same subdomain/region to build a site to do something bad, such as trigger the delete mutation.
Last active 4 months ago
11 replies
11 views
- LE
Is there some whitelist to config?
if not, someone can use same subdomain/region to build a site to do something bad, such as trigger the delete mutation.
- EL
You should use permissions for that: https://docs.nhost.io/graphql/permissions
- LE
this is hasrua role base permissions right? can it define rules which request come from!
- EL
> this is hasrua role base permissions right?
Yes> can it define rules which request come from!
If you mean setting CORS domains we don't support this yet. Feel free to create an issue on GitHub so we can track it there - LE
thanks i will try it
- LE
but i think nhost can support some env to define urls which application used.
- LE
something rules like Access-Control-Allow-Origin
- EL
Yes, see my previous answer about CORS
- LE
i will creat feature requset later
- LE
how to prevent others use same subdomain,region key to build another website?
- LE
https://firebase.google.com/docs/app-check
Google Firebase support this way, it looks like more complex.
Last active 4 months ago
11 replies
11 views