• tfm@europe.pub
    link
    fedilink
    English
    arrow-up
    4
    ·
    22 hours ago

    It’s not just native Apps. Alternative web UIs like Thunder, Photon and Voyager need them too.

    • GreenKnight23@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      22 hours ago

      yes, but those frontends are typically tied closer to the backend than a public API.

      things like CSRF can help block abuse of the back end.

      • tfm@europe.pub
        link
        fedilink
        English
        arrow-up
        1
        ·
        22 hours ago

        Nope they all use the public API. Even the default Lemmy web client.

        • GreenKnight23@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          21 hours ago

          well that’s poor planning and why bots are such a problem.

          I know CSRF tokens aren’t a silver bullet, but doing nothing to stop them does nothing to stop them.

          • tfm@europe.pub
            link
            fedilink
            English
            arrow-up
            2
            ·
            13 hours ago

            CSRF protection is a security feature not bot prevention. A bot would just need to get a token first.