Saturday 26 March 2016

CSRF Protection Question

I'm working on a text-based RPG, which includes a terminal-style command input. One thing that worries me is that someone will use the API externally to gain an unfair advantage. The page uses AJAX to call the API. I guess it kind of works like a chat system that uses an API. So, you wouldn't want people being able to use the API to spam the chat. So, is CSRF right for this situation? And how can I refresh the CSRF value every time a command is submitted, or is that a bad idea?

Thanks, Scott

Submitted March 26, 2016 at 09:59PM by scottcfr
