sendgrid-contact-form

Security concern about public endpoint

Open fescobar opened this issue 3 years ago • 1 comments

With your solution, everybody can request your endpoint directly and send emails for free. https://github.com/manuarora700/sendgrid-contact-form/blob/main/pages/api/sendgrid.js

fescobar avatar Jul 03 '22 14:07 fescobar

The from and to values are hardcoded. Even if someone uses the API, it'll land in my inbox. Since the contact form is public and anyone can use it, I haven't made any Allowed List on SendGrid.

Please let me know if I'm missing something.

manuarora700 avatar Jul 03 '22 14:07 manuarora700
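
One way to bound what an unauthenticated caller can do with a public contact-form route like the one discussed above, as an added example that is not code from the repository: a wrapper that rejects non-POST requests, caps field sizes, and throttles submissions per client address before the send logic runs. The field names, the limits, and the `guard`, `allow` and `validate` helpers are assumptions made for illustration.

```javascript
// Added example: per-client throttle and input caps for a public contact-form route.
// Assumptions (not from the repository): field names fullname/email/subject/message,
// the limits below, and a Next.js-style req/res pair.
const WINDOW_MS = 10 * 60 * 1000; // sliding window length
const MAX_PER_WINDOW = 3;         // accepted submissions per client per window
const MAX_LEN = { fullname: 100, email: 254, subject: 150, message: 5000 };
const hits = new Map();           // client key -> timestamps of accepted requests

// Sliding-window counter: true if this client may submit now.
function allow(key, now = Date.now()) {
  const recent = (hits.get(key) || []).filter((t) => now - t < WINDOW_MS);
  if (recent.length >= MAX_PER_WINDOW) { hits.set(key, recent); return false; }
  recent.push(now);
  hits.set(key, recent);
  return true;
}

// Returns null when the body is acceptable, otherwise a short reason.
function validate(body) {
  if (!body || typeof body !== "object") return "invalid body";
  for (const [field, max] of Object.entries(MAX_LEN)) {
    const v = body[field];
    if (typeof v !== "string" || v.trim() === "" || v.length > max) return `invalid ${field}`;
    // Single-line fields must not carry line breaks.
    if (field !== "message" && /[\r\n]/.test(v)) return `invalid ${field}`;
  }
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(body.email)) return "invalid email";
  return null;
}

// Wraps the route's existing send logic, passed in as `send` (hypothetical name).
function guard(send) {
  return async function handler(req, res) {
    if (req.method !== "POST") return res.status(405).json({ error: "POST only" });
    const err = validate(req.body);
    if (err) return res.status(400).json({ error: err });
    // Behind a proxy, take the client address from a trusted forwarded header instead.
    const key = (req.socket && req.socket.remoteAddress) || "unknown";
    if (!allow(key)) return res.status(429).json({ error: "too many requests" });
    return send(req, res);
  };
}
```

The `hits` map lives in one process, so a deployment that runs several instances needs a shared store for the counters.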