In the case of RESTful, cross-domain requests, how does the client obtain the CSRF token for the first request?

According to the official Egg.js documentation:

In the default CSRF configuration, the token is set in a cookie. When an AJAX request is made, the token can be taken from the cookie and sent to the server in the query, the body or a header.

In jQuery:

// Cookies.get is provided by the js-cookie library; "csrfToken" is the default cookie name
var csrftoken = Cookies.get("csrfToken");

function csrfSafeMethod(method) {
  // these HTTP methods do not require CSRF protection
  return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
  beforeSend: function(xhr, settings) {
    // attach the token from the cookie to every unsafe, same-origin request
    if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
      xhr.setRequestHeader("x-csrf-token", csrftoken);
    }
  },
});

In the RESTful, cross-domain case, the requested page file does not go through the Egg.js server, so no CSRF token is planted in the cookie when the first request is a POST (for example, login). Since there is no CSRF token in the client cookie, that request is bound to fail. How can this be solved, given that the CSRF token in the cookie can only be read after a request has already been initiated once?

Added: is RESTful token-based authentication free of CSRF risk?

Mar.13,2021

The CSRF token can only be returned by the server. Use the CSRF whitelist.
