I know CSRF attacks an example: in B site launched A request to A web site, the browser will take on A site of cookies to, so as to achieve the effect of the attack,
Django CSRF in defense, before a request by a get request to generate a token, and put the token in the form, the request with a token for validation,
My question is:
1. If B site starts A get request to A web site, can not get A token, then took the token to access A web site, it seems to reach the effect of the defense, don't know where I understand wrong,
2. Some people explain because of the same origin policy, B website can't visit A request, but according to my understanding, if so, then the attack is not established, and the homologous strategy should be used to protect the initiative of the web site (B) request of the request, and A site should not too big relations,
I hope you can give me say this process!!!!!!