HTTP cookies

Cross-site request forgery (CSRF): this article explains well why CSRF exists. By forging an <img> resource or a form request, an attacker makes the browser send a request that carries the current user's cookie from another site, achieving a cross-site attack. A good mitigation is to generate a CSRF token on the backend, send it to the frontend, and verify the token on the backend when data is submitted. This method only covers POST, PUT and other methods that modify backend state; GET is designed to be idempotent, only requesting backend resources without modifying them.
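As an added example (not code from the original post), a minimal Python model of the token scheme described above: the backend issues a token bound to the user's session with an HMAC, checks it only for state-changing methods, and lets GET through unchanged. The secret key, session ids and the `handle_request` dispatcher are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real deployment loads it from configuration.
SECRET_KEY = b"example-secret-key-change-me"

# Methods that must stay idempotent and therefore skip the token check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def generate_csrf_token(session_id: str) -> str:
    """Issue nonce.HMAC(secret, session_id|nonce); the frontend embeds it in forms."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session; a token minted for another session fails."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SECRET_KEY, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak the expected MAC.
    return hmac.compare_digest(mac, expected)


def handle_request(method: str, session_id: str, form: dict) -> int:
    """Hypothetical dispatcher: returns an HTTP status for the modelled request."""
    if method.upper() in SAFE_METHODS:
        return 200  # read-only path, no token required
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403  # forged cross-site POST/PUT lacks a valid token
    return 200


if __name__ == "__main__":
    tok = generate_csrf_token("sess-A")
    print("same session POST:", handle_request("POST", "sess-A", {"csrf_token": tok}))
    print("forged POST without token:", handle_request("POST", "sess-A", {}))
```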

