You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
IMHO I don't think telling a bad actor their reCAPTCHA score is a security best practice, as happens now in fields.py. A configurable option to optionally throw SuspiciousOperation and/or PermissionDenied instead, with a customizable message, would be preferable in a lot of use cases, and definitely not inform the bad actor of their score, unless say DEBUG = True.
The text was updated successfully, but these errors were encountered:
IMHO I don't think telling a bad actor their reCAPTCHA score is a security best practice, as happens now in fields.py. A configurable option to optionally throw SuspiciousOperation and/or PermissionDenied instead, with a customizable message, would be preferable in a lot of use cases, and definitely not inform the bad actor of their score, unless say DEBUG = True.
The text was updated successfully, but these errors were encountered: