I’ve conducted a full-text search in the source code, and the PARSE_SERVER_PROTECTED_FIELDS is only defined but not used anywhere.
docker-compose.yml
PARSE_SERVER_PROTECTED_FIELDS: |
{
"_User": {
"*": ["email", "emailVerified", "ip", "location", "isBanned"],
"role:admin": ["isBanned"]
}
}
Setting the protected fields in the dashboard doesn’t work either. The client can still modify the data at will (without using the master key).
Did I make a mistake somewhere?