Hi,
I found below info, if so, the MASTER_KEY seems will be exposed to the client side, which is quite unsafe. How about adding the beforeLoginAs hook at least? So we could handle them at the cloud side …
Thanks a lot.
connection.request('GET', '/parse/loginAs?%s' % params, '', {
"X-Parse-Application-Id": "${APPLICATION_ID}",
"X-Parse-REST-API-Key": "${REST_API_KEY}",
"X-Parse-Master-Key": "${MASTER_KEY}",
"X-Parse-Revocable-Session": "1"
})
...
the /loginAs endpoint does not run the beforeLogin or afterLogin hooks