You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 13, 2022. It is now read-only.
E.g. https://inbox1.inrupt.net/inbox/ is not accessible without authentication (GET returns 401). But anybody can subscribe to it without any authentication/authorization: var socket = new WebSocket('wss://inbox1.inrupt.net/inbox/', ['solid-0.1']);
This way I get notifications for e.g. new messages in that inbox.
(observed on https://inrupt.net/ - server version Solid 5.6.4)
Is that intentional? I can see this as potentially insecure, if e.g. someone subscribes to some more specific resource to watch if it was updated or not.
E.g. https://inbox1.inrupt.net/inbox/ is not accessible without authentication (GET returns 401). But anybody can subscribe to it without any authentication/authorization:
var socket = new WebSocket('wss://inbox1.inrupt.net/inbox/', ['solid-0.1']);This way I get notifications for e.g. new messages in that inbox.
(observed on https://inrupt.net/ - server version Solid 5.6.4)
Is that intentional? I can see this as potentially insecure, if e.g. someone subscribes to some more specific resource to watch if it was updated or not.
I don't see any spec regarding auth at https://github.com/solid/solid-spec/blob/master/api-websockets.md.