Looks like the version of spam-be-gone on try.nodebb.org needs to be updated, the issue was fixed here https://github.com/akhoury/nodebb-plugin-spam-be-gone/commit/0872198eddd3f9e1bfc137be2e747ea8c58cca5a
I am a relatively new web developer, and wanted to know whether this was a good enough approach to my problem.
I have nodebb forums running on a subdomain, and want some of the details of the logged in user to be available to my main domain. I do not want a full fledged sso system or something like that, as I want minimum hassle. I was thinking of the following method, and wanted whether this is feasible from a technical and security point of view.
I was thinking of setting '.example.com' for my express cookie session so it is available on my main domain. From there, I can use this cookie to make a cURL request to a custom api endpoint on my forums, which basically returns the users details if the cookie can be authenticated.
I hope someone can help me, as I am unsure from a security point of view whether it is feasible.