Emelia Smith
Emelia Smith
As an aside, it took several hours to get the tests running and debugged locally β there's definitely room for improving the development setup. E.g., one issue I encountered was...
There's a very strong difference between addressing a collection (and the expansion of the collection to inboxes used for delivery) and `POST`ing an activity to a collection's inbox endpoint (in...
In a Groups context, a Group Actor would probably have a `members` collection, if, and only-if you address the group's members collection directly, and not the Group Actor, would your...
Documentation PR: https://github.com/adonisjs/v6-docs/pull/191
> A fundamental question. Should this change be specific to multipart requests? Or should it be that the bodyparser will throw error when an unsupported content-type is sent in the...
> Writing files to disk can be avoided by simply not processing the multipart files using `autoProcess: false`. This still leaves the requests hanging open, which is an attack surface...
This tripped me up too, as many other `npx ...` commands for creating projects do include the software used in the dependencies, normally you don't need to do `npm add...
@privacyguard just a small note: PKCE is now recommended for all oauth applications, due to authorization code injection attacks: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.5 If this is intended for API client usage (I'm not...
> @ThisIsMissEm is that something that we could add on later, or better to do now? If so we could open an issue for it. Both can be added later...
Perhaps we could modify the migration / generator for enabling public clients to check that secret is nullable?