Open
Description
New Feature / Enhancement Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
Current Limitation
Parse Server is designed so that it can be booted up and tested easily. However, there are some default configurations that are insecure, meaning that when a developer transitions to production, they mightn't be aware of the openings which they haven't fixed.
Feature / Enhancement Description
Just like fileUpload
, migrate allowClientClassCreation
to default to false, expect for the core classes (such as _User).
Or:
Have 2 start scripts:
npm start:dev
// allows for any insecure option, such as allowClientClassCreation
or mountPlayground
npm start:prod
// overrides insecure options