Are they just an issue with wefwef or trying to use an exploit

  • 𝙚𝙧𝙧𝙚@feddit.win
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    1 year ago

    I’d be willing to bet they’re using the API to make all the changes. The cookie has the jwt token. I don’t believe you need the username (at least judging by the js API docs).

    • Tartas1995
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Someone said they think it is to know if the user is admin. I haven’t verify it. And I tried to make clear that username was a guess.