You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a use case where multiple users will be making use of a tool and so self-hosting and changing the NOTION_TOKEN as recommended wouldn't be a viable solution.
I've been adding the Authorization: Bearer <NOTION_TOKEN> header to my requests to private pages, but have noticed that because those pages are cached for a few seconds I if I then request the same URL without the authorisation header I can load private page data (tested from a separate device, so it's not just browser caching).
Either private pages shouldn't be cached, or their authorisations should be cached with them to prevent this.
The text was updated successfully, but these errors were encountered:
I have a use case where multiple users will be making use of a tool and so self-hosting and changing the
NOTION_TOKENas recommended wouldn't be a viable solution.I've been adding the
Authorization: Bearer <NOTION_TOKEN>header to my requests to private pages, but have noticed that because those pages are cached for a few seconds I if I then request the same URL without the authorisation header I can load private page data (tested from a separate device, so it's not just browser caching).Either private pages shouldn't be cached, or their authorisations should be cached with them to prevent this.
The text was updated successfully, but these errors were encountered: