A problem with the front end of WEB. I have a http Server, written by java that calls the open source Nanohttpd, page. The data on the Nanohttpd, page is submitted through
xhttp.open ("POST", url, true);
xhttp.setRequestHeader ("Content-type", "application/x-www-form-urlencoded");
xhttp.send ("");
). How do I achieve CSRF attacks in this way? I checked the information and said that I can add token,. How can I add it?
after the user logs in, a unique token, is generated and passed to the front end. Each time the front end sends a request, it takes this token for verification
can verify referer
check that the referer field
HTTP header has a Referer field, which is used to indicate which URL the request came from. Generally speaking, the Referer field should be under the same domain name as the requested address. The server can determine the source of the request by judging the Referer field.
this method is simple and easy, but it also has its limitations. The http protocol cannot guarantee the specific implementation of the visiting browser, so you can attack
using token
token is not stored in cookie, so the attacker cannot get the randomly generated token, and cannot execute the CSRF attack
Event delegation can be implemented in jquery as follows, and dynamically added tr can also trigger this event $( "-sharpdataTable tbody" ).on( "click", "tr", function() { console.log( $( this ).text() ); }); how do I ...
our company s system is an intranet system, and we have not paid attention to the problem of parallel ultra vires before. Recently, the company conducted a security test to issue this problem, that is, users can ultra vires access to other users or orde...
figure 1 says that the utf-8 code of "Spring Festival " is E698 A5 E8 8A 82 then I transcoded "Spring Festival " with utf-8 with tools, and found that it was Spring Festival . could you tell me what this is all about? Or is there something wron...
proxyTable: { server : { target: http: localhost:8000 , ? secure: false, https? changeOrigin: true, ? pathRewrite: { ^ api : } } user : { tar...
the new project is the background of a Java development of springboot, and the front-end framework uses this bootstrapTable framework. Now the project needs to use the echarts plug-in. I would like to ask how to integrate echarts into it and complete the...
The control of HTML5 can not meet the requirements. I wonder if the control that needs to be implemented in Java can be partially covered on webview. Can it be realized technically? is for display only and does not require any user interaction. ...
< html > < head > < meta charset= "utf-8 " > < title > js-01.html < title > < script > var today=new Date (); var year=today.getYear (); var month=today.getMonth (); var hour=today.getHours (); var minute=today.getMinutes (); < script...
after slicing the video, how to put it into the player after the request comes back without conflict! how can this be added to the back of the player without replacing the original? ...