Daniel Holmgren
Daniel Holmgren
i don't think we do this, but i'm not opposed 👍 altho I also don't really see an attack related to it so not terribly concerned
Honestly, not a lot was put into this yet because we don't allow edits to records yet (unless those edits don't have ux concerns in which case we wrap them...
Worth pointing out that even though we know we have valid emails for them, there is no requirement that they signed up with the same email that the invite went...
We've just been horribly busy lately, getting through some PRs now. Thanks for your patience :) This code is not actively deployed anywhere so fixing the vulnerability was not high...
Yup yup this one was fine. Low attack vector & the vector is not even accessible in production deployments right now. This did prompt me to draft a security readme...
We wanna do this so bad. But right now we're super bandwidth-constrained & just do not have time to handle the in-bound. We also need to update & publish our...
yup @bnewbold nailed it 👍 also for non-code related discussions, I'd encourage holding them in https://github.com/bluesky-social/atproto/discussions
React native requires a custom fetch handler. See this for helpers: https://github.com/bluesky-social/atproto/blob/main/packages/api/docs/rn-fetch-handler.ts
it actually totally had to do with time 😅 we just have a million small things to do that would only take 20 min a piece, but haven't gotten around...
hey @jesopo wondering if you're planning on getting back to this or if i should get it over the line?