These are chat archives for deployd/contributors

11th
Feb 2015
Andrei Alecu
@andreialecu
Feb 11 2015 16:50
guys, so deployd lets you use cross-domain requests to it from any originating domain
this means that anyone can do a GET on something like yourapp.com/users/me and if you're already logged in, they'll have unlimited access from any domain
we need to lock that down before it starts becoming a problem for people
instead of trusting whatever the originating host is, that needs to be explicitly set by configuration
Nicolas Ritouet
@NicolasRitouet
Feb 11 2015 16:56
true
Andrei Alecu
@andreialecu
Feb 11 2015 18:13
so I think this means it definitely cannot be used in production for public sites at the moment
what was the URL of your Heroku sample app?