dropthejase slams the doors on the cloud setup
Two fixes close the open-by-default holes in this fork's cloud infrastructure, so document access is locked to the app itself.
When dropthejase first stood up the cloud plumbing for this fork, a few things were left wide open by default - the kind of placeholder settings that work in a demo but shouldn't survive to production. This pair of changes tightens them. Document storage now only answers requests coming from the fork's own web address, rather than from anywhere on the internet, and the same lock is applied to the main back-end gateway.
The second fix matters most for anyone thinking about confidentiality: when a user signs out, their access to stored documents is now revoked promptly, instead of lingering until a cached session quietly expired. Sign-out finally means sign-out.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?