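/**
 * Return the value of the cookie called `name`, or undefined when no such
 * cookie is visible to this page.
 *
 * The lookup compares cookie names exactly. The earlier version spliced
 * `name` into a regular expression, so regex metacharacters in the name were
 * interpreted as a pattern, a cookie whose name merely ended in `name`
 * (e.g. "my-_xsrf") could be returned instead, and values ending in
 * non-word characters such as "=" were truncated.
 *
 * Only cookies readable from script appear in document.cookie; a cookie set
 * with the HttpOnly attribute will never be found here.
 *
 * @param {string} name - Exact cookie name to look up.
 * @returns {string|undefined} The raw (not URL-decoded) cookie value.
 */
function getCookie(name) {
  var prefix = name + "=";
  var entries = document.cookie.split(";");
  for (var i = 0; i < entries.length; i++) {
    // Entries are separated by "; ", so drop the leading whitespace.
    var entry = entries[i].replace(/^\s+/, "");
    if (entry.indexOf(prefix) === 0) {
      return entry.substring(prefix.length);
    }
  }
  return undefined;
}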
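/**
 * POST `args` to `url` as form-encoded data, adding the value of the "_xsrf"
 * cookie as an `_xsrf` field, and pass the evaluated response to `callback`.
 *
 * The token is copied from the cookie into the request body. This presumably
 * relies on the server comparing the posted `_xsrf` with the cookie it
 * receives (verify against the server-side handler). A page on another
 * origin can make the browser send the cookie but cannot read it through
 * document.cookie, so it cannot fill in the matching field. Script running
 * on this origin (for example via XSS) can read it, so this check does not
 * protect against that case.
 *
 * @param {string} url - Endpoint to POST to.
 * @param {Object} [args] - Form fields; an existing `_xsrf` key is overridden.
 * @param {Function} callback - Called with the evaluated response on success.
 */
jQuery.postJSON = function(url, args, callback) {
  // Work on a copy so the caller's object is not modified, and so a missing
  // `args` does not throw.
  var data = $.extend({}, args);
  data._xsrf = getCookie("_xsrf");
  $.ajax({
    url: url,
    data: $.param(data),
    dataType: "text",
    type: "POST",
    success: function(response) {
      // NOTE(review): eval() runs the response body as JavaScript, so any
      // party able to influence the response gets script execution in this
      // page. If the endpoint returns strict JSON, JSON.parse(response) is
      // the safer replacement; confirm the response format before switching.
      callback(eval("(" + response + ")"));
    }
  });
};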
This is the code from the official Tornado documentation's tutorial on preventing cross-site attacks.
What I don't understand is how this prevents CSRF. If an attacker obtains the cookie in the same way and sends it to the server, he can also carry out the attack. Please give me some advice.