Why would I be getting the Untrusted code map only remove documents by ID error on the Server?

charles · May 18, 2016, 4:27am

Isn’t server code always “trusted”?

The code in question is running in a package in the packages dir of my meteor app in Meteor 1.3.2.4.

This was working before I upgraded to Meteor 1.3

W20160518-00:20:59.810(-4)? (STDERR) Error: Not permitted. Untrusted code may only remove documents by ID. [403]
W20160518-00:20:59.810(-4)? (STDERR) at throwIfSelectorIsNotId (packages/allow-deny/allow-deny.js:483:11)
W20160518-00:20:59.811(-4)? (STDERR) at [object Object]._callMutatorMethod (packages/allow-deny/allow-deny.js:409:5)
W20160518-00:20:59.811(-4)? (STDERR) at [object Object].remove (packages/mongo/collection.js:594:17)

charles · May 18, 2016, 1:47pm

…aaand I was calling the remove method over a DDP connection from the server… nothing to see here. move along.