Commit d72de0c

committed May 28, 2015
tornado
1 parent 492d76a commit d72de0c

2 files changed

+3
-1
lines changed


‎307.md

+3-1
@@ -270,7 +270,9 @@ XSRF的含义是Cross-site request forgery,即跨站请求伪造,也称之
270270
});
271271
});
272272

273-
函数getCookie()的作用是得到cookie值,然后将这个值放到向后端post的数据中`var pd = {"username":user, "password":pwd, "_xsrf":getCookie("_xsrf")};`
273+
函数getCookie()的作用是得到cookie值,然后将这个值放到向后端post的数据中`var pd = {"username":user, "password":pwd, "_xsrf":getCookie("_xsrf")};`。运行的结果:
274+
275+
![](./3images/30704.png)
274276

275277
这是tornado提供的XSRF防护方法。是不是这样做就高枕无忧了呢?<strong>没这么简单。要做好一个网站,需要考虑的事情还很多</strong>。特别推荐阅读[WebAppSec/Secure Coding Guidelines](https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines)
276278
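Review bot: the image added at new line 275 has empty alt text (`![](./3images/30704.png)`), and the sentence extended at new line 273 stops at "运行的结果:" without saying what the result is. A reader who cannot load the screenshot has no way to tell whether the POST that carries `"_xsrf":getCookie("_xsrf")` was accepted by the backend, which is the point this XSRF section is making. Suggest filling in the alt text with what the screenshot shows and adding one sentence that states the expected outcome in words, so the image only confirms it.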

‎3images/30704.png

92.7 KB