Cross-site request forgery, often abbreviated as CSRF or XSRF, is an attack method that coerces users to perform unintentional operations on the currently logged-in web application. CSRF takes advantage of the website's trust in the user's web browser.
Definition
Cross-site request forgery (Cross-site request forgery), also known as one-click attack or session riding, usually Abbreviated as CSRF or XSRF, it is an attack method that coerces users to perform unintentional operations on the currently logged-in web application.
Compared with cross-site scripting (XSS), XSS takes advantage of the user's trust in the specified website, while CSRF takes advantage of the website's trust in the user's web browser.
Defense measures:
1. Check the Referer field.
2. Add verification token.
The above is the detailed content of What does cross-site request forgery mean?. For more information, please follow other related articles on the PHP Chinese website!
Excel input value is illegal
What should I do if the web video cannot be opened?
How to solve the computer prompt of insufficient memory
java output statement
vcruntime140.dll cannot be found and code execution cannot continue
How to clear float in css
What are the parameters of marquee?
Main class not found or unable to load
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
