Anyone can delete the paste

Question

Anyone can delete the paste

vitobotta opened this issue 2 years ago · 5 comments

Hi, I just noticed that anyone with the link can delete the paste as there is no restriction at all. Is this intentional?

Answer 1 · 2023-01-26T21:02:39.000Z

Yes, because there is no authentication mechanism in place. But I could set a cookie to allow deletion only from the browser that made the paste. But I am not sure if that would then require a pesky cookie banner which I'd like to avoid if possible.

Answer 2 · 2023-01-26T21:15:35.000Z

The cookie would work well I think

Answer 3 · 2023-01-26T21:47:20.000Z

I am not a lawyer but from what I can tell, purely functional cookies that require a site to function do not imply a cookie banner. So good chance I will start implementing this soon.

Answer 4 · 2023-01-27T08:46:16.000Z

That's awesome @matze - looking forward to it :)

Answer 5 · 2023-01-27T20:48:33.000Z

I've pushed a branch that I will likely merge tomorrow. Works alright so far.