• baseless_discourse@mander.xyz
    link
    fedilink
    English
    arrow-up
    6
    ·
    8 months ago

    as the delete token isn’t stored anywhere on the backend.

    Backend of the app or the lemmy server? if it is not stored on the lemmy server then there will be no way to delete it even if the app stores the token.

    Also using a singular token that never expires to modify user content sounds like a bad idea. image operations like upload and delete should probably tied to the user credentials.

    • Sjmarf@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      8 months ago

      Backend of the app or the lemmy server? if it is not stored on the lemmy server then there will be no way to delete it even if the app stores the token.

      Apologies, I worded that badly. Lemmy uses an image hosting service called pictrs to manage the images you upload, which is largely separated from the rest of the Lemmy backend. Pictrs of course stores the delete tokens matching each image, but Lemmy doesn’t associate those tokens with the posts or comments they originated from as far as I know.