Hiya, currently @auth doesn't protect subscriptions, and subscriptions are on by default, so any user can read all Listing items as they are created. You need to either implement custom auth for subscriptions, or turn subscriptions off with @model(subscriptions: null). I see you are utilising subscriptions, so there is some specialised work needed to close off the security hole.
Hey! Thanks for mentioning! It was originally intended to be a single use app, I later figured I'd add instructions for hosting a shared version but forgot to remove subscriptions. I've updated the codebase to no longer use them, thanks again!
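A schema check for the issue raised in the comments above, as an added example that is not part of the original thread or the project's code: it lists models that carry @auth but leave subscriptions enabled. The sample schema, its field names and the function names are constructed for illustration, and the check takes the commenter's description of @auth and subscriptions as given.

```javascript
// Constructed sample schema (field names and the Note/Tag types are assumptions).
const SAMPLE_SCHEMA = `
type Listing @model @auth(rules: [{ allow: owner }]) {
  id: ID!
  title: String!
}

type Note @model(subscriptions: null) @auth(rules: [{ allow: owner }]) {
  id: ID!
  body: String!
}

type Tag @model {
  id: ID!
  name: String!
}
`;

// Collect the directive text between "type Name" and the "{" that opens the
// field list. Braces nested inside directive arguments, such as
// @auth(rules: [{ ... }]), are skipped by tracking parenthesis depth.
function typeHeaders(schema) {
  const headers = [];
  const typeRe = /^\s*type\s+(\w+)/gm;
  let m;
  while ((m = typeRe.exec(schema)) !== null) {
    let depth = 0;
    let i = typeRe.lastIndex;
    for (; i < schema.length; i++) {
      const c = schema[i];
      if (c === "(") depth++;
      else if (c === ")") depth--;
      else if (c === "{" && depth === 0) break;
    }
    headers.push({ name: m[1], directives: schema.slice(typeRe.lastIndex, i) });
    typeRe.lastIndex = i;
  }
  return headers;
}

// Report a model when it has @auth rules but @model does not set subscriptions: null.
function findExposedModels(schema) {
  const subsOff = /@model\s*\([^)]*subscriptions\s*:\s*null/;
  return typeHeaders(schema)
    .filter(({ directives: d }) => /@model\b/.test(d) && /@auth\b/.test(d))
    .filter(({ directives: d }) => !subsOff.test(d))
    .map(({ name }) => name);
}

console.log(findExposedModels(SAMPLE_SCHEMA));
```

Run it against a project's schema.graphql by passing the file contents to findExposedModels; every name it returns is a model to review against the two options given in the first comment.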