Confusion about node csurf in preventing CSRF attacks

In node csurf anti-CSRF protection, the front end first requests a token and then sends this token for verification every time it sends a request. But a hacker can obtain this token by crawling the page and then simulate the request on his own website. Does it not work if csurf doesn't throw the token away?

Mar.28,2021

With the same-origin policy, this token cannot be grabbed.


each time the token changes the
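The two answers above shown in code, as an added example that is not part of the original thread and not csurf's own source. It assumes a simplified salted-HMAC token bound to a per-visitor secret; the function names `newSecret`, `createToken`, `verifyToken` and `demo` are hypothetical.

```javascript
// Added example (assumed simplified scheme, not csurf's implementation).
const crypto = require('crypto');

// One secret per visitor, held in the server-side session or in a cookie
// that pages on other origins cannot read.
function newSecret() {
  return crypto.randomBytes(18).toString('hex');
}

function mac(salt, secret) {
  return crypto.createHmac('sha256', secret).update(salt).digest('hex');
}

// A fresh random salt makes every issued token different,
// while all of them still verify against the same secret.
function createToken(secret) {
  const salt = crypto.randomBytes(8).toString('hex');
  return salt + '-' + mac(salt, secret);
}

function verifyToken(secret, token) {
  if (typeof token !== 'string') return false;   // request carried no token
  const i = token.indexOf('-');
  if (i < 1) return false;                        // malformed token
  const salt = token.slice(0, i);
  const expected = Buffer.from(salt + '-' + mac(salt, secret));
  const actual = Buffer.from(token);
  return actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected);     // constant-time compare
}

// Constructed scenario: two visitors, each with their own secret.
function demo() {
  const victimSecret = newSecret();
  const otherSecret = newSecret();
  const t1 = createToken(victimSecret);
  const t2 = createToken(victimSecret);
  // A token issued to a different visitor's session.
  const foreignToken = createToken(otherSecret);
  return {
    tokensDiffer: t1 !== t2,
    bothValid: verifyToken(victimSecret, t1) && verifyToken(victimSecret, t2),
    foreignTokenAccepted: verifyToken(victimSecret, foreignToken),
    missingTokenAccepted: verifyToken(victimSecret, undefined),
  };
}
```

A token only validates against the secret of the visitor it was issued to, so a page on another origin would need to read the victim's own token, which the same-origin policy blocks.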
