So I made a Twitter clone, but I discovered that anyone can just request a URL like this:
import requests
# The username cookie is sent exactly as the client sets it
requests.post("/follow-user_u={target_user}", cookies={"username": "username"})
and make it so anyone can follow them if they change the cookie to another user's username.
So how do I protect against this? I'm using Flask.