From 3b8a8a0724e48df33ad132de259111a631fc805c Mon Sep 17 00:00:00 2001 From: dblythy Date: Sun, 4 Apr 2021 22:22:47 +1000 Subject: [PATCH 1/2] add afterFind considerations --- _includes/cloudcode/cloud-code.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/_includes/cloudcode/cloud-code.md b/_includes/cloudcode/cloud-code.md index eba5519fa..e43073c1f 100644 --- a/_includes/cloudcode/cloud-code.md +++ b/_includes/cloudcode/cloud-code.md @@ -672,6 +672,9 @@ Parse.Cloud.afterFind(Parse.User, async (request) => { }) ``` +### Some considerations to be aware of +- If you use the `masterKey` to fetch a pointer in an `afterFind` trigger, it will be sent in full to the client. Be sure to check that the returned objects and pointers are secured prior to returning to the client. + # Session Triggers ## beforeLogin From acb775dc7c92e44f6573a068754226cc84c72070 Mon Sep 17 00:00:00 2001 From: dblythy Date: Wed, 7 Apr 2021 22:00:27 +1000 Subject: [PATCH 2/2] Update cloud-code.md --- _includes/cloudcode/cloud-code.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/cloudcode/cloud-code.md b/_includes/cloudcode/cloud-code.md index e43073c1f..f15569609 100644 --- a/_includes/cloudcode/cloud-code.md +++ b/_includes/cloudcode/cloud-code.md @@ -673,7 +673,7 @@ Parse.Cloud.afterFind(Parse.User, async (request) => { ``` ### Some considerations to be aware of -- If you use the `masterKey` to fetch a pointer in an `afterFind` trigger, it will be sent in full to the client. Be sure to check that the returned objects and pointers are secured prior to returning to the client. +- If you use the `masterKey` to fetch a pointer in an `afterFind` trigger, it will be sent in full to the client. Prior to returning to the client, be sure to check that the returned objects and pointers do not contain information that the client should not be able to access # Session Triggers