⚠️ Unprotected route
oSumAtrIX opened this issue · 3 comments
oSumAtrIX commented
Affected route is not authorized and is actively being exploited:
https://github.com/mrdoob/glsl-sandbox/blob/master/server/server.go#L166
Solution
Add auth middleware to said route.
jfontan commented
Thank you for the heads up,
Hi, that route is unprotected as users cannot log in. I'm not sure how to stop this. Anyway, I cleaned up all these effects.
oSumAtrIX commented
Only way I can imagine is to burden attackers via captcha if you need this route to be public.
jfontan commented
I'll think about what options we can add to stop these automated submissions. Thanks for the idea.