Can anyone confirm this: Do I need to provide a CSRF token and a captcha in a submission form,
Or two more or less serve the same function (can be used instead of each other)?
A captcha can be used instead of CSRF tokens This includes a captcha CSRF is considered to be a strong form of prevention compared to the examination of the token or referee because it can not be bypassed with the XSS.
Comments
Post a Comment