How does CSRF send cross-domain Cookie?

Cookies are subject to the same-origin policy, so one domain name cannot access another's cookies.
For example, there are two websites, A and C, and website C is a malicious website. How does website C get the cookie of website A and send a request to the server of website A?

---

The best way to prevent XSRF is to use a CSRF token.
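As an added illustration of the token approach mentioned in this answer (example code, not from the answer or any particular framework), a minimal synchronizer-token check in Python: the token is derived from the session cookie with a server-side secret, so a forged cross-site request carries the cookie (the browser attaches it automatically) but cannot supply a matching token. `SERVER_SECRET`, the request dict layout and `handle_transfer` are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed server-side secret for the demo; a real deployment loads it from config.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Derive a CSRF token bound to the session (synchronizer-token pattern).

    The server embeds this in the HTML form it serves. A malicious site can
    make the browser send the session cookie, but the same-origin policy
    stops it from reading this token out of site A's page.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token against the expected one."""
    if not submitted:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), submitted)


def handle_transfer(request: dict) -> tuple:
    """Simulated state-changing endpoint on site A.

    `request` is a constructed dict with 'cookies' and 'form' sub-dicts,
    mimicking what a web framework would hand to a POST handler.
    Returns (status_code, message).
    """
    session_id = request.get("cookies", {}).get("session")
    if session_id is None:
        return 401, "no session"
    if not verify_csrf_token(session_id, request.get("form", {}).get("csrf_token")):
        # The cookie was present, but the token was missing or wrong: reject.
        return 403, "CSRF token missing or invalid"
    return 200, "transfer accepted"
```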

---

Cookies are generally used to save information. When you send a request to the same server, the browser brings along the cookies it has saved for that server, no matter which website the request is sent from.
So the backend needs to set Access-Control-Allow-Origin. The browser checks whether the website you are accessing from is an allowed domain: if it is allowed, the request is sent and the data is returned; if it is not allowed, the request is still sent, but the JS script cannot read the returned data (you can still see the response in the Network tab).

---

You can take a look at this article.
