Fix broken auth check for deleting videos
Opened this issue · 0 comments
mxb7867 commented
Previously, any user could delete any other user's videos, since there was no authentication check, but currently the auth check fails in app.py:line 220 (currently in branch auth_video_delete), I believe because the DELETE request issued by React (frontend/src/components/VideoCard.js: line 48) isn't sending cookies in the request headers
Possible solutions:
- figure out how to make DELETE include the cookie headers (should immediately fix the problem)
- rewrite the delete videos logic using POST (slightly more annoying)