How does CSRF send cross-domain Cookie?

Cookie has the same origin policy, and different domain names cannot be accessed.
for example, there are two websites, AMague C, and website C is a malicious website. How does website C get the Cookie of website An and send a request to the server of website A?



< hr >

the best way to prevent XSRF is to use CSRF-token.

< hr >

cookie is generally used to save information. When you send a request to the same server, you will bring the cookie saved by the browser to that server , no matter which website you send the request from.
so the backend needs to set Access-Control-Allow-Origin . The browser will see whether your access to the website is a domain allowed, send a request and get the data if it is allowed, and send a request if it is not allowed, but the js script cannot get the returned data (you can still see the return in NetWork).

< hr >

you can take a look at this article

.
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e50071-43b59.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e50071-43b59.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?