[Security]Don't expose request meta of request in public app or viewer model

AnsonHwang · January 26, 2024, 1:23am

Above is a screenshot of a introspect of public app. I can get the metadata of of request of it, even the request url and body.

I think it's insecure to expose it to end user especially in public app or viewer model.
Pls consider only expose it to editor model which is helpful for debug.

Paulo · March 13, 2024, 12:53am

Hi @AnsonHwang, thank you for your feedback!

We just created a FR for this and we'll keep you posted with any news from our devs.