Solving csrf token problem by separating the front end of vue+ flask

That is, the attacker performs illegal operations (such as transferring money or posting) through cross-site requests as a legitimate user. The principle of CSRF is to steal the user's identity by using the Cookie of the browser or the session of the server.

The main method to prevent CSRF is to identify the identity of the requester by adding a token to the form.

Implementation process of front-end separation:

Backend write token

In order to protect all view functions of CSRF, it is necessary to open the CsrfProtect module:

Generate the token value, set the cookie with the request hook, and the front end can get the cookie value.

The front-end request brings the csrf_token value.

According to the business logic of login and registration, ajax request is adopted at present.

Therefore, when submitting a login or registration request, you need to add the key-value pair of X-CSRFToken in the request header.

Original link:/paul0926/article/details/94544048

What's the English name of Ma Han Rui?

A cross talk between Degang Guo and Yu Qian is about football. What's its name? Detailed introduction, thank you.

Roy is a lovely person. Do you like such a lovely person as Roy?

Classic for girls: In order to be beautiful in the future, it is necessary to suffer now.

In my example, the abbreviation of English screen name you use is very special and preferred.

How Mandela dealt with setbacks

classical Chinese

What model is Huawei nxt al10?

About Duncan's third-generation basketball shoes BCOOL

Does 7-day anti-aircraft artillery only call contacts? After reading this, you will understand the 7-day anti-aircraft artillery loan opening.