Home > front end >  Some confusion about the Django CSRF token?
Some confusion about the Django CSRF token?

Time:10-20

I know CSRF attacks an example: in B site launched A request to A web site, the browser will take on A site of cookies to, so as to achieve the effect of the attack,
Django CSRF in defense, before a request by a get request to generate a token, and put the token in the form, the request with a token for validation,
My question is:
1. If B site starts A get request to A web site, can not get A token, then took the token to access A web site, it seems to reach the effect of the defense, don't know where I understand wrong,
2. Some people explain because of the same origin policy, B website can't visit A request, but according to my understanding, if so, then the attack is not established, and the homologous strategy should be used to protect the initiative of the web site (B) request of the request, and A site should not too big relations,
I hope you can give me say this process!!!!!!

Page link:https//www.codepudding.com/frontend/69402.html

Prev:Busy for a long time to do a free web site under test
Next:shortcuts
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding