Post request, browser cookies will be automatically added to the request header, but different token, the token is specially designed to prevent CSRF token developers, the browser will not automatically added to the headers, the attacker can access the user's token, so submitted form cannot filter, the server will not attack formation, "
"The token on the client side, generally stored in localStorage, cookie, or sessionStorage, generally stored in the server database"
If the token is cookies when sending a request will be placed in the header?
What is the root cause of this problem? A great god, please explain