Cross-site request forgery (CSRF) and cross-domain problem - Code World

Cross-site request forgery (CSRF) and cross-domain problem

Others 2019-07-21 09:25:06 views: null

1.CSRF defined

Camouflage requests from trusted users access to trusted sites, (the attacker stole your identity, to your name send malicious request)
Produce condition

1、用户要登录受信任的网站，并在本地生成cookie
2、在不退出安全网站的情况下，访问危险网站

Response options

(1)验证 HTTP Referer 字段；查看请求来源的地址
(2)在请求地址中添加 token 并验证；
(3)在 HTTP 头中自定义属性并验证
(4)在表单中添加from.csrf_token

2. Cross-domain issues

Front-end processing Jsonp
The background is simple, non-simple request for pre-screening (options)
response['Access-Control-Allow-Methods'] 指定cent_type,token

from django.middleware.security import  MiddlewareMixin
class MyMiddle(MiddlewareMixin ):
    def process_response(self,request,response):
        if request .method=='OPTIONS':
            response['Access-Control-Allow-Methods'] = '*'
            response['Access-Control-Allow-Headers'] = '*'
        response['Access-Control-Allow-Origin'] = '*'
        return response

# 在settings里配置
 # 'app01.utils.myMiddle.MyMiddle'

Guess you like

Origin www.cnblogs.com/quqinchao/p/11220127.html

Cross-site request forgery (CSRF) and cross-domain problem

csrf cross-site request forgery attacks,

Cross-Site Request Forgery (CSRF)

CSRF (cross-site request forgery)

On CSRF (cross-site request forgery) attacks

CSRF Cross-Site Request Forgery

CSRF — Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF)

ValidateAntiForgeryToken prevent CSRF (cross-site request forgery) ValidateAntiForgeryToken prevent CSRF (cross-site request forgery)

web security study notes (nine) CSRF (Cross-Site Request Forgery) Cross-Site Request Forgery

Cross-site request forgery (CSRF) Summary and defense

DVWA vulnerability Range - Cross-site request forgery (CSRF)

Django - csrf cross-site request forgery, Auth authentication module

Infiltration of the Basic - cross-site request forgery CSRF

pikaqiu practice platform (CSRF (cross-site request forgery))

Pikachu-- cross-site request forgery (CSRF)

pikachu Learning --CSRF (cross-site request forgery)

CSRF cross-site request forgery in penetration testing

Cryptography series: csrf cross-site request forgery

CSRF Supplement - Cross-Site Request Forgery FBV

JSF responds to Cross-Site Request Forgery (CSRF) attacks

Browser security CSRF cross-site request forgery

What is a cross-site request forgery (CSRF) attack? How to prevent it?

CSRF—Cross Site Request Forgery

CSRF cross-site forgery request attack-CSRF phishing adds administrator account and security precautions

How to prevent Cross Site Request Forgery (CSRF)?

Pikachu-----CSRF (Cross Site Request Forgery)

(Vi) cross-site request forgery

MVC cross-site request forgery

Cross-site request forgery attack

Recommended

"U.S. Threats and Damage to Global Cyberspace Security and Development" report released

Ranking

[DP] expected [UVA1498] Activation

What is the ABAP Dynpro program

记录一下halcon例程报错和两个视觉库感兴趣区域绘制

characterReplacement-the longest repeated character after replacement

Target element by id somewhere within an element targeted by id

Test classification

NOI 8780 interceptor missile linear dp

Equipment inspection management wants to fine, light streams Weapon children

sql packet takes the value of the most

Computer java project recommendation SSM (Spring+SpringMVC+MyBatis) takeaway ordering management system

Daily

More

2024-04-29(5)

2024-04-28(12)

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)

2024-04-23(30)

2024-04-22(5)

2024-04-21(0)

2024-04-20(6)