Fix broken auth check for deleting videos

Question

Fix broken auth check for deleting videos

Opened this issue 5 years ago · 0 comments

Previously, any user could delete any other user's videos, since there was no authentication check, but currently the auth check fails in app.py:line 220 (currently in branch auth_video_delete), I believe because the DELETE request issued by React (frontend/src/components/VideoCard.js: line 48) isn't sending cookies in the request headers
Possible solutions:

figure out how to make DELETE include the cookie headers (should immediately fix the problem)
rewrite the delete videos logic using POST (slightly more annoying)