As the title says, when viewing the API documentation, I found that the /comment/list API returns the IP of all commenters. Not only the owner of the article can view it; anyone who can view the note can see it (such as a public note). See the picture:
This can easily leak the IP addresses of all commenters. I don't think it is necessary to include this field. If the article owner needs to view it, then the field only needs to be made available to the article owner.
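The owner-only exposure suggested in the post above, as an added example that is not the project's code: the response is built from an allow-list, so the IP is returned only when the viewer is the note owner, and a small check flags any owner-only field that reaches another viewer. The field names (`ip`, `author`, `owner_id`, `session_id`) and the sample records are assumptions constructed for illustration.

```python
# Added example. Field names and records are assumptions, not the project's schema.
PUBLIC_FIELDS = ("id", "author", "content", "created_at")
OWNER_ONLY_FIELDS = ("ip",)


def serialize_comment(comment, viewer_id, note_owner_id):
    """Build the response from an allow-list rather than deleting keys from
    the stored record, so a newly added column is never exposed by default."""
    fields = PUBLIC_FIELDS
    # Anonymous viewers (viewer_id is None) never match the owner.
    if viewer_id is not None and viewer_id == note_owner_id:
        fields = PUBLIC_FIELDS + OWNER_ONLY_FIELDS
    return {k: comment[k] for k in fields if k in comment}


def list_comments(note, comments, viewer_id):
    """Response body for a /comment/list style endpoint."""
    return [serialize_comment(c, viewer_id, note["owner_id"]) for c in comments]


def leaked_fields(response, viewer_id, note_owner_id):
    """Regression check: owner-only fields present in a non-owner's response."""
    if viewer_id is not None and viewer_id == note_owner_id:
        return []
    return sorted({k for item in response for k in item if k in OWNER_ONLY_FIELDS})


# Constructed sample data; addresses are from the RFC 5737 documentation ranges.
NOTE = {"id": "n1", "owner_id": "alice", "public": True}
COMMENTS = [
    {"id": 1, "author": "bob", "content": "nice note",
     "created_at": "2024-01-01T00:00:00Z", "ip": "192.0.2.10", "session_id": "s-1"},
    {"id": 2, "author": "carol", "content": "thanks",
     "created_at": "2024-01-02T00:00:00Z", "ip": "198.51.100.7", "session_id": "s-2"},
]

if __name__ == "__main__":
    for viewer in (None, "bob", "alice"):
        body = list_comments(NOTE, COMMENTS, viewer)
        print(viewer, body, "leaked:", leaked_fields(body, viewer, NOTE["owner_id"]))
    # The unfiltered records, as the post describes the current behaviour:
    print("raw leaked:", leaked_fields(COMMENTS, None, NOTE["owner_id"]))
```
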