The main way to prevent CSRF is to verify the identity of the requester by adding a token to the form.
Implementation process when the front end and back end are separated:
The back end writes the token
To protect all view functions against CSRF, the CsrfProtect module must be enabled:
Generate the token value and set it in a cookie from a request hook, so that the front end can read the cookie value.
The front-end request carries the csrf_token value.
The login and registration business logic currently uses ajax requests.
Therefore, when submitting a login or registration request, you need to add the X-CSRFToken key-value pair to the request header.
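The front-end step described above, as an added example that is not code from the original article: it reads the csrf_token cookie and sends it in the X-CSRFToken header, but only on state-changing requests to the page's own origin. The helper names `readCookie` and `csrfHeaders` and the `/login` path are assumptions.

```javascript
// Added example. Only "csrf_token" and "X-CSRFToken" come from the article;
// every other name here is hypothetical.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === name) {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

// Build the headers for an ajax call. The token is attached only to
// state-changing requests aimed at our own origin, so it is never
// disclosed to a third-party host.
function csrfHeaders(method, url, pageOrigin, cookieString, headers = {}) {
  const out = { ...headers };
  const target = new URL(url, pageOrigin);
  const sameOrigin = target.origin === new URL(pageOrigin).origin;
  if (SAFE_METHODS.has(method.toUpperCase()) || !sameOrigin) return out;
  const token = readCookie(cookieString, "csrf_token");
  if (token === null) {
    throw new Error("csrf_token cookie missing; load a page from the back end first");
  }
  out["X-CSRFToken"] = token;
  return out;
}

// Browser usage (hypothetical /login endpoint and payload):
// fetch("/login", {
//   method: "POST",
//   credentials: "same-origin",
//   headers: csrfHeaders("POST", "/login", location.origin, document.cookie,
//                        { "Content-Type": "application/json" }),
//   body: JSON.stringify(payload),
// });
```

The cookie has to be set without the HttpOnly flag, otherwise `document.cookie` will not expose it to the script.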
Original link:/paul0926/article/details/94544048