WEB CSRF Defense issu

A problem with the front end of WEB. I have a http Server, written by java that calls the open source Nanohttpd, page. The data on the Nanohttpd, page is submitted through
xhttp.open ("POST", url, true);
xhttp.setRequestHeader ("Content-type", "application/x-www-form-urlencoded");
xhttp.send ("");
). How do I achieve CSRF attacks in this way? I checked the information and said that I can add token,. How can I add it?

Mar.19,2021

after the user logs in, a unique token, is generated and passed to the front end. Each time the front end sends a request, it takes this token for verification


can verify referer


check that the referer field
HTTP header has a Referer field, which is used to indicate which URL the request came from. Generally speaking, the Referer field should be under the same domain name as the requested address. The server can determine the source of the request by judging the Referer field.
this method is simple and easy, but it also has its limitations. The http protocol cannot guarantee the specific implementation of the visiting browser, so you can attack

by tampering with the Referer field.

using token
token is not stored in cookie, so the attacker cannot get the randomly generated token, and cannot execute the CSRF attack

https://blog.csdn.net/ran_max.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e44592-44abe.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e44592-44abe.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?