Hi, I’ve been trying to update the logged user’s user.name from my react app, and I keep getting the following response"
{
(...)
status: 400
type: "cors"
}
The authentication works correctly using the wrapper, my app settings have been set to allow “http://localhost:3000” for all application URIs, and this is my code for updating the user.name:
Just wanted chime in and say that you can’t/shouldn’t get the update:users scope for a token in your SPA. This would allow a user to grab the token from the client and update any user in your DB.
You should be doing this type of update from a secure backend and validate the request for each user.
Hi @dan.woda , thanks for your help!
I guess I should create a single editor user then, and as you said, keep that token safe from users.
Thanks! I’ll look into that.