Comments (4)
jasonbosco
commented on June 3, 2024
@Scalahansolo Could you also post the contents of typeSenseSecret() (minus the actual api keys)
from typesense-js.
Scalahansolo
commented on June 3, 2024
@jasonbosco per our email chain, I had my read key and admin key mixed up :(. Again, as mentioned in that thread, I think it would be good to update the message on a bad key to be more clear about the issue as opposed to just saying the header wasn't included.
from typesense-js.
jasonbosco
commented on June 3, 2024
Phew! Glad it wasn't a deeper issue :)
The reason the error message is vague is because from a security perspective, we don't want to provide information about a key not existing vs it existing & not having the right permissions, for a potential malicious actor to use as a source of information.
from typesense-js.
Scalahansolo
commented on June 3, 2024
@jasonbosco I definitely understand the vagueness from a security perspective. With that being said however, even a malicious user would be able to tell "I've definitely included that header". Something along the lines of "401 Unauthorized: Invalid API Key" would be much better.
from typesense-js.
Related Issues (20)
- Multi-search response type mismatch (`collection_name` missing from `request_params`) HOT 2
- 400 error with update(..., { filter_by }) HOT 2
- Missing Pagination Params `offset` and `limit` HOT 1
- `found_docs` not included in the SearchResponse interface HOT 2
- connectionTimeoutSeconds seems to not be working HOT 6
- Add support for mulltiple API keys per cluster HOT 2
- Error Updating by query with npm package & Typesense Cloud: RequestMalformed: Request failed with HTTP code 400 | Server said: For update, the `id` key must be provided. HOT 2
- Unable to make a request work HOT 2
- Bump axios to 1.6.0 (CVE-2023-45857) HOT 2
- Missing search param `enable_highlight_v1` in types
- Improve TypeScript compatibility HOT 1
- include_fields in Retrieve a document HOT 3
- Inconsistent Search Results for Nested Objects
- Axios Cross-Site Request Forgery Vulnerability HOT 8
- Import with empty array fails
- Request to Node 0 failed due to "undefined Network Error" | Error: Exception in HostFunction: Malformed calls from JS: field sizes are different. HOT 2
- PresetSchema is declared as id but api returns name HOT 1
- Typesense search is double encoding square brackets "[" in bare react-native projects HOT 3
- Deleting collections with special characters doesn't work
- Issue when updating collection schema
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from typesense-js.