• @[email protected]
    link
    fedilink
    English
    01 month ago

    yes, but those frontends are typically tied closer to the backend than a public API.

    things like CSRF can help block abuse of the back end.

      • @[email protected]
        link
        fedilink
        English
        01 month ago

        well that’s poor planning and why bots are such a problem.

        I know CSRF tokens aren’t a silver bullet, but doing nothing to stop them does nothing to stop them.

        • @[email protected]
          link
          fedilink
          English
          11 month ago

          CSRF protection is a security feature not bot prevention. A bot would just need to get a token first.