[Security]Don't expose request meta of request in public app or viewer model

Above is a screenshot of a introspect of public app. I can get the metadata of of request of it, even the request url and body.

I think it's insecure to expose it to end user especially in public app or viewer model.
Pls consider only expose it to editor model which is helpful for debug.

1 Like