You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We should write a few simple tests to see which implementations require acl:Read access to receive notifications about a given resource on websockets-pubsub. The test suite sends auth headers by default, but these were only a recent proposal and I think most implementations ignore them and just stream notifications to anyone who connects and asks for it. Related to the age-old nodeSolidServer/node-solid-ws#1.
The reporting on these tests should obviously reflect that auth headers are still experimental in websockets-pubsub and they are not yet required by the spec. Still, it's a potential security issue if they're ignored, so worth testing.
The text was updated successfully, but these errors were encountered:
We should write a few simple tests to see which implementations require
acl:Readaccess to receive notifications about a given resource on websockets-pubsub. The test suite sends auth headers by default, but these were only a recent proposal and I think most implementations ignore them and just stream notifications to anyone who connects and asks for it. Related to the age-old nodeSolidServer/node-solid-ws#1.The reporting on these tests should obviously reflect that auth headers are still experimental in websockets-pubsub and they are not yet required by the spec. Still, it's a potential security issue if they're ignored, so worth testing.
The text was updated successfully, but these errors were encountered: