About CSRF Defense

I want to defend my login page against CSRF, but I don"t know what to do
now the page uses axios+ Tencent verification code (AJAX)

Jun.08,2022

add a unique header header, and the background only receives requests with that header header. And verify its value.
add authentication to the source of the request refferer, and reject all requests other than your own.
set access control allow origin to several sites you need. Or cross-domain requests are not open at all.


you can use both token and signature verification, which requires both the front end and the server.


1. User submissions are detected through referer, token, or CAPTCHA.
2. Try not to expose users' private information in the links on the page.
3. It is best to use the post operation for actions such as user modifications and deletions.
4. Avoid the general cookie of the whole station, and strictly set the domain of cookie.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e4c09c-441d8.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e4c09c-441d8.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?