A post was split to a new topic: How can I add a Bearer token to the Auth headers?
I think that we should add an explicit note in the documentation about Frontity Query Options that they should be treated as an untrusted user input and never ever passed as parameters to arbitrary functions, etc.
Imagine that someone has the writes the following (very exaggerated) example:
const { foo } = state.frontity.options;
saveToDatabase(foo); // you're screwed
runCommand(`npx frontity ${foo}`) // you're screwed even more