Introduction to SpringSecurity's method of handling CSRF attacks
CSRF Vulnerability Status
CSRF (Cross-site request forgery), also known as One Click Attack or Session Riding and usually abbreviated CSRF or XSRF, is a malicious use of a website. Although it sounds similar to cross-site scripting (XSS), it is very different: XSS exploits the trust a site places in its users, whereas CSRF exploits the trust a site places in a user's browser by submitting requests that appear to come from that trusted user. Compared with XSS, CSRF attacks are less well known (so resources for preventing them are also quite scarce) and harder to prevent, which is why they are considered more dangerous than XSS.
CSRF is a confused-deputy attack that relies on the web browser.
POM dependency
<!-- template engine: freemarker -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-freemarker</artifactId>
</dependency>
<!-- Security (only the CSRF part is used) -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
Configuration filter
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    /**
     * Registers the CSRF filter for every URL. The token is kept in the HTTP session,
     * so state-changing requests (POST, PUT, DELETE, ...) must carry it as a header or form field.
     *
     * @return {@link org.springframework.boot.web.servlet.FilterRegistrationBean}
     */
    @Bean
    public FilterRegistrationBean<CsrfFilter> csrfFilter() {
        FilterRegistrationBean<CsrfFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(new CsrfFilter(new HttpSessionCsrfTokenRepository()));
        registration.addUrlPatterns("/*");
        registration.setName("csrfFilter");
        return registration;
    }
}
Add CSRF hidden fields in the form request
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
Add header in AJAX request
xhr.setRequestHeader("${_csrf.headerName}", "${_csrf.token}");
jQuery’s Ajax global configuration
jQuery.ajaxSetup({
    "beforeSend": function (request) {
        request.setRequestHeader("${_csrf.headerName}", "${_csrf.token}");
    }
});
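As an added example (not code from the original article), the following Java snippet drives the same CsrfFilter and HttpSessionCsrfTokenRepository the bean above registers through Spring's mock servlet classes; it assumes spring-test is on the classpath, which the POM above does not list. It shows that a safe GET only issues a token, that a POST without the token is rejected with 403, and that the header and hidden-field patterns above both let the request through.

```java
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

/** Drives the article's CsrfFilter without a servlet container (needs spring-test; assumption). */
public class CsrfFilterCheck {

    // Same filter as the article's FilterRegistrationBean: the token lives in the HTTP session.
    private static final CsrfFilter FILTER = new CsrfFilter(new HttpSessionCsrfTokenRepository());

    /** Runs one request through the filter and returns the HTTP status it produced. */
    static int send(MockHttpServletRequest request) throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        FILTER.doFilter(request, response, new MockFilterChain());
        // 200 means the filter chain was reached; the filter answers 403 when it rejects the request.
        return response.getStatus();
    }

    public static void main(String[] args) throws Exception {
        MockHttpSession session = new MockHttpSession(); // constructed; stands in for the browser session

        // 1. A safe request (GET) is never checked; it only causes a token to be issued.
        MockHttpServletRequest page = new MockHttpServletRequest("GET", "/transfer");
        page.setSession(session);
        send(page);
        // The filter exposes the token under the "_csrf" request attribute, which is what the
        // article's FreeMarker expressions ${_csrf.token} / ${_csrf.headerName} read.
        CsrfToken token = (CsrfToken) page.getAttribute("_csrf");

        // 2. A state-changing request carrying the session but no token: the cross-site POST case.
        MockHttpServletRequest forged = new MockHttpServletRequest("POST", "/transfer");
        forged.setSession(session);
        System.out.println("POST without token -> " + send(forged));

        // 3. The same POST with the token in the header (the AJAX pattern from the article).
        MockHttpServletRequest ajax = new MockHttpServletRequest("POST", "/transfer");
        ajax.setSession(session);
        ajax.addHeader(token.getHeaderName(), token.getToken());
        System.out.println("POST with header -> " + send(ajax));

        // 4. The token as a form parameter (the hidden-field pattern from the article).
        MockHttpServletRequest form = new MockHttpServletRequest("POST", "/transfer");
        form.setSession(session);
        form.setParameter(token.getParameterName(), token.getToken());
        System.out.println("POST with form field -> " + send(form));
    }
}
```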