Solving csrf token problem by separating the front end of vue+ flask
CSRF (cross-site request forgery) means that the attacker performs illegal operations (such as transferring money or posting) as a legitimate user through cross-site requests. CSRF works by abusing the user's identity, which is carried by the browser's cookie or the server-side session.

The main way to prevent CSRF is to verify the identity of the requester by adding a token to the form.

Implementation with a separated front end and back end:

The back end writes the token

To protect all view functions against CSRF, enable the CsrfProtect module:

Generate the token value and set it as a cookie in a request hook, so that the front end can read the cookie value.

The front-end request carries the csrf_token value.

Login and registration currently use ajax requests.

Therefore, when submitting a login or registration request, you need to add the X-CSRFToken key-value pair to the request headers.
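
The cookie-to-header check that the steps above describe, as an added framework-free Python sketch (not the article's code and not Flask-WTF's implementation). The HMAC session binding, the 400 status, the secret and all function names are assumptions of this example.

```python
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)  # assumed per-deployment secret
COOKIE_NAME = "csrf_token"            # cookie the front end reads
HEADER_NAME = "X-CSRFToken"           # header the ajax request sends back


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, "sha256").hexdigest()


def issue_token(session_id: str) -> str:
    """Token bound to one session: random nonce plus an HMAC over it."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def set_csrf_cookie(session_id: str, response_cookies: dict) -> dict:
    """Role of the request hook: attach the token to the response as a cookie."""
    response_cookies[COOKIE_NAME] = issue_token(session_id)
    return response_cookies


def check_request(method: str, session_id: str, cookies: dict, headers: dict) -> int:
    """Return the status the CSRF layer yields (200 means the view runs)."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return 200
    sent = headers.get(HEADER_NAME, "").encode()
    cookie = cookies.get(COOKIE_NAME, "").encode()
    # The header must be present and equal to the cookie (constant-time compare).
    if not sent or not hmac.compare_digest(sent, cookie):
        return 400
    nonce, _, mac = sent.decode().partition(".")
    # The token must also have been issued for this session.
    ok = hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())
    return 200 if ok else 400


def demo() -> dict:
    cookies = set_csrf_cookie("session-A", {})  # constructed session id
    token = cookies[COOKIE_NAME]
    return {
        "ajax_with_header": check_request("POST", "session-A", cookies, {HEADER_NAME: token}),
        "cookie_only": check_request("POST", "session-A", cookies, {}),
        "token_from_other_session": check_request("POST", "session-B", cookies, {HEADER_NAME: token}),
    }
```

The `cookie_only` case is the cross-site request: the browser attaches the cookie automatically, but a page on another origin cannot read it to fill in the header, so the request is rejected.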

Original link:/paul0926/article/details/94544048