CSRF attacks: jQuery cannot solve them, it can only handle them

Time:12-01

CSRF cannot be fully solved with jQuery, especially when the CSRF holes are only addressed late in development; adding a csrftoken and a CsrfParam to every request of an almost finished project is terrible.

CSRF here is mainly aimed at ajax, so jQuery's global ajax event is used to intercept every ajax request.


Front end:





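    // Runs before every jQuery ajax request is sent.
    $(document).ajaxSend(function (event, request, settings) {
        // Token taken from the element with id "csrftoken" on the page.
        var csrftoken = $("#csrftoken").val();
        // Send the token as a request header ...
        request.setRequestHeader("csrftoken", csrftoken);
        // ... and also as the CsrfParam query parameter.
        var url = settings.url;
        if (settings.url.indexOf("?") != -1) {
            settings.url = url + "&CsrfParam=" + csrftoken;
        } else {
            settings.url = url + "?CsrfParam=" + csrftoken;
        }
    });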

Nesting ajaxSetup inside ajaxStart is not recommended here.


Back end:



An iframe can be handled in the same way as above.

This handles CSRF attacks against ajax requests; some exports and links go out by other means and are not covered by it.
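The back-end code is not shown on this page. As an added example (not the original author's code), this is one way a server could verify what the ajaxSend handler sends: the `csrftoken` header and the `CsrfParam` query parameter are each compared with the token stored in the session. The request shape follows Node's `http.IncomingMessage`; `checkCsrf`, `safeEqual`, the sample token (assumed URL-safe) and the sample URLs are hypothetical.

```javascript
// Added example: server-side check for the token the ajaxSend handler sends.
// req follows the shape of Node's http.IncomingMessage ({ url, headers });
// checkCsrf, safeEqual and all sample values are hypothetical / constructed.

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

function checkCsrf(req, sessionToken) {
  if (!sessionToken) return { ok: false, reason: "no session token" };
  // Node lowercases header names; the handler sets "csrftoken".
  const header = req.headers["csrftoken"];
  // The handler also appends CsrfParam to the query string.
  const param = new URL(req.url, "http://localhost").searchParams.get("CsrfParam");
  const supplied = [header, param].filter((v) => typeof v === "string");
  if (supplied.length === 0) return { ok: false, reason: "token missing" };
  // Every copy that was sent has to match the session's token.
  let ok = true;
  for (const value of supplied) ok = safeEqual(value, sessionToken) && ok;
  return ok ? { ok: true, reason: "match" } : { ok: false, reason: "token mismatch" };
}

// Constructed sample data.
const SAMPLE_TOKEN = "9f2c4e7ab1d04c5e8a6b3d2f1e0c9b8a";
const SAMPLE_REQUESTS = [
  { url: "/order/save?id=7&CsrfParam=" + SAMPLE_TOKEN, headers: { csrftoken: SAMPLE_TOKEN } },
  { url: "/order/save?id=7", headers: {} },                       // no token at all
  { url: "/order/save?CsrfParam=guess", headers: {} },            // wrong token
  { url: "/report/frame?CsrfParam=" + SAMPLE_TOKEN, headers: {} } // param only (iframe case)
];
for (const r of SAMPLE_REQUESTS) {
  console.log(r.url.split("?")[0], checkCsrf(r, SAMPLE_TOKEN).reason);
}
```

Because the handler also copies the token into the query string, the token ends up in server access logs and Referer headers. Where a request can carry the header, checking the header alone avoids that exposure.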