Describe the bug
We don't allow incorrect secure subdomains to access apps. This is a security feature to stop users from shooting themselves in the foot. However, public (i.e. authenticated == false) apps CAN still be accessed. This is a security hole
|
"secure subdomain can only serve its associated package", |
Describe the bug
We don't allow incorrect secure subdomains to access apps. This is a security feature to stop users from shooting themselves in the foot. However, public (i.e.
authenticated == false) apps CAN still be accessed. This is a security holehyperdrive/hyperdrive/src/http/server.rs
Line 690 in b60ccd4