Pro to [email protected]English • edit-21 month agoSlrpnk instance is down till mid July; they might relaunch their server on piefed.programming.devimagemessage-square45fedilinkarrow-up114
arrow-up114imageSlrpnk instance is down till mid July; they might relaunch their server on piefed.programming.devPro to [email protected]English • edit-21 month agomessage-square45fedilink
minus-square@[email protected]linkfedilinkEnglish2•1 month agoIt’s not just native Apps. Alternative web UIs like Thunder, Photon and Voyager need them too.
minus-square@[email protected]linkfedilinkEnglish0•1 month agoyes, but those frontends are typically tied closer to the backend than a public API. things like CSRF can help block abuse of the back end.
minus-square@[email protected]linkfedilinkEnglish2•1 month agoNope they all use the public API. Even the default Lemmy web client.
minus-square@[email protected]linkfedilinkEnglish0•1 month agowell that’s poor planning and why bots are such a problem. I know CSRF tokens aren’t a silver bullet, but doing nothing to stop them does nothing to stop them.
minus-square@[email protected]linkfedilinkEnglish1•1 month agoCSRF protection is a security feature not bot prevention. A bot would just need to get a token first.
It’s not just native Apps. Alternative web UIs like Thunder, Photon and Voyager need them too.
yes, but those frontends are typically tied closer to the backend than a public API.
things like CSRF can help block abuse of the back end.
Nope they all use the public API. Even the default Lemmy web client.
well that’s poor planning and why bots are such a problem.
I know CSRF tokens aren’t a silver bullet, but doing nothing to stop them does nothing to stop them.
CSRF protection is a security feature not bot prevention. A bot would just need to get a token first.