4 points | by andes314 3 days ago ago
1 comments
The client's POST requests should just include the message the user sent, not the entire chat history. The chat history should live on the server. Trusting the client to provide an accurate history is bad security.
The client's POST requests should just include the message the user sent, not the entire chat history. The chat history should live on the server. Trusting the client to provide an accurate history is bad security.