Hi everyone,
As the title suggests, I’m puzzled on why I’m still able to subscribe to publications without authentication.
I made sure that autopublish is removed.
$ meteor remove autopublish
autopublish is not a direct dependency in this project.
I’m using simpleDDP, to connect to meteor app:
Here is an example of publication:
Meteor.publish('usersList', function () {
return Meteor.users.find()
});
Here is an example of simpleDDP function:
const server = new simpleDDP(opts);
let usersList = server.subscribe("usersList");
let reactiveUserCollection = server.collection('users').reactive();
console.log('reactiveCollection', reactiveCollection.data())
In the browser console, I’m able to see an object with all users documents
Any ideas?