Advisories for Npm/Umami package

2023

Anyone with a share link can RESET all website data in Umami

Summary: Anyone with a share link (permissions to view) can reset the website data.

Details: When a user navigates to a /share/ URL, they receive a share token which is used for authentication. This token is later verified by useAuth. After the token is verified, the user can call most of the GET APIs that allow fetching stats about a website. The POST /reset endpoint is secured using canViewWebsite which …