If a visitor were to strip away the checksum in the URL, eg. just visiting directly /civicrm/gdpr/comms-prefs/update, and then submitting the form, GDPR activity records are created with no contact reference.
Can the lack of checksum, or an expired one, be blocked from creating records?
If a visitor were to strip away the checksum in the URL, eg. just visiting directly /civicrm/gdpr/comms-prefs/update, and then submitting the form, GDPR activity records are created with no contact reference.
Can the lack of checksum, or an expired one, be blocked from creating records?