How does the "hostnames" part work in turnstile
Does it just rely on the referrer part of the headers and makes sure it belongs to the specified host?
Can it be faked using postman? (and other tools ofc)
and what about people who solve captchas for money how do they do it if they login on an external website and fetch challenges with a public key?
1 Reply
what about mobile apps?
I think I'm wrong right? it does not work like that