• tfm@europe.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 day ago

    Nope they all use the public API. Even the default Lemmy web client.

    • GreenKnight23@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      24 hours ago

      well that’s poor planning and why bots are such a problem.

      I know CSRF tokens aren’t a silver bullet, but doing nothing to stop them does nothing to stop them.

      • tfm@europe.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        15 hours ago

        CSRF protection is a security feature not bot prevention. A bot would just need to get a token first.