Currently when user shares E2E encrypted files we're appending the master key to the end of the URL using
It's not giving access to other files, but it's not ideal for a user to reveal their master key. It's leaking some security context which in principle could be used as an additional info in a more targeted attacks.
Instead we should generate specific share key applicable only to shared resources.