Closed this issue 4 years ago · 1 comments
provide a middleware that only the server can pass (use request origin)
as mentioned in #25 , all you need to do is to add the userId to the request params in the live server and the storage will decide if it's forbidden