Tornado xsrf

function getCookie(name) {
    var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
    return r ? r[1] : undefined;
}

jQuery.postJSON = function(url, args, callback) {
    args._xsrf = getCookie("_xsrf");
    $.ajax({url: url, data: $.param(args), dataType: "text", type: "POST",
        success: function(response) {
        callback(eval("(" + response + ")"));
    }});
};

these are the official tornado documentation tutorials to prevent cross-site attacks.
what I don"t understand is how to prevent csrf? here. If the attacker obtains the cookie, in the same way and sends it to the server, he can also achieve the effect of the attack. Please give me some advice.

Apr.01,2021

the key point is "cross-station". You understand what this means first

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1be913b-31929.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1be913b-31929.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?