rfrymire
22 days agoBronze I
Node.js - Beginner -- What am I missing?
In the Node.js - Beginner collection there is a practical lab on Forced Browsing. I have completed what is setup as the criteria for the lab but it keeps telling me that the code isn't secure.
I have tested with two different users and the solution works to prevent forced browsing.
Is there some other criteria that needs to be met that I'm missing.
Remediation:
Authorization check: returns a 401 if the user isn't logged in
I have also added the author check to verify that only the logged in user retrieves their own drafts.