Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Anyone can edit/delete pastes even though MICROBIN_PASSWORD is set and EDITABLE is false #269

Open
fcpwiz opened this issue Jul 24, 2024 · 2 comments
Open

Anyone can edit/delete pastes even though MICROBIN_PASSWORD is set and EDITABLE is false #269

fcpwiz opened this issue Jul 24, 2024 · 2 comments

Comments

@fcpwiz
Copy link

fcpwiz commented Jul 24, 2024

Title says it all! Only people with the password can submit pastes, but anyone with the URL can edit and delete it without needing a password. What am I missing here?
@skyrocknroll
Copy link

Facing the same issue

@Danie10
Copy link

Danie10 commented Nov 1, 2024
edited
Loading

I tested the public instance with a read-only code snippet which I set a password for. Although I see an edit button, if I don't enter a password, it does not save any changes. Same happened when I tried to remove the code snippet without a password. So it looked to me like it is working as intended?

That said, I tried hosting it myself and could edit, but not delete (does not accept password) - see another issue open for that. Wish I could see the config for the public test instance as it seemed to work OK.

If it helps, these are the relevant envs I finally found to work (some variable descriptions make little sense):

export MICROBIN_EDITABLE=true
export MICROBIN_READONLY=false
export MICROBIN_ENABLE_READONLY=true
export MICROBIN_NO_FILE_UPLOAD=false
export MICROBIN_UPLOADER_PASSWORD=ISetOneHere

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@skyrocknroll @Danie10 @fcpwiz