Meteor DevTool can see my collection


#1

Hi community,

I’ve removed insecure and autopublish packages from my Meteor project, but if i use Meteor DevTool on chrome, i can see all information : collections, packages, etc.

Exemple off my allow in /import/api/Collection.js :

import { Mongo } from 'meteor/mongo';

export const Collection = new Mongo.Collection('collection');

Collection.allow({
    insert: function(userId, doc) {
        return !! userId;
    },
    update: function(userId, post) { return true; },
    remove: function(userId, post) { return true; },
});

I think the problem is here, but i don’t know why all client is not secure.

Any idea ?

Thank you guys !