this is bad. rumour has it this is due to an admin’s json web token being leaked.
so I would advise all admins here not to log into 3rd party web apps (mobile apps should be okay) with their admin accounts, as the web apps usually proxy your requests (hence, they have your token), and they proxy not due to nefarious purposes, but due to some problem with cors (in other words, being forced to proxy your request isn’t really their fault, and once the cors problem is fixed in the lemmy backend, they can stop doing that).
this is bad. rumour has it this is due to an admin’s json web token being leaked.
so I would advise all admins here not to log into 3rd party web apps (mobile apps should be okay) with their admin accounts, as the web apps usually proxy your requests (hence, they have your token), and they proxy not due to nefarious purposes, but due to some problem with cors (in other words, being forced to proxy your request isn’t really their fault, and once the cors problem is fixed in the lemmy backend, they can stop doing that).
Thanks Zen, you’re a lifesaver. Brb pressing the emergency button