-
请求体携带_xsrf参数
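新建一个页面xsrf.html:
<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="utf-8">
  <title>测试XSRF</title>
</head>
<body>
  <!-- An in-page action is a button; the handler is bound in script so the
       page stays compatible with a CSP that forbids inline event handlers. -->
  <button type="button" id="send-post">发送POST请求</button>

  <!-- jQuery comes from a third-party CDN and runs with this page's full
       privileges, which includes reading the _xsrf cookie. Load it over
       HTTPS; for anything beyond a demo, self-host it or add an integrity
       attribute (SRI) together with crossorigin="anonymous". -->
  <script src="https://cdn.bootcss.com/jquery/3.1.1/jquery.min.js"></script>
  <script>
    // Return the value of the cookie called `name`, or undefined when the
    // cookie is not present in document.cookie.
    function getCookie(name) {
      // Cookies are serialized as "name=value", so there must be no space
      // after "="; with a space the pattern never matches and the token
      // would be sent as the string "undefined".
      var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
      return r ? r[1] : undefined;
    }

    // Send a form-encoded POST to /new that carries the XSRF token in the
    // request body as the _xsrf field. The server is expected to compare
    // this field with the _xsrf cookie; a page on another origin cannot
    // read the cookie and so cannot supply a matching value.
    function xsrfPost() {
      var xsrf = getCookie("_xsrf");
      if (xsrf === undefined) {
        // NOTE(review): the cookie only exists after the server has issued
        // it and only if it is readable from script (not HttpOnly). Confirm
        // the handler that serves this page sets it.
        alert("_xsrf cookie not found");
        return;
      }
      // Passing an object lets jQuery percent-encode each value, so
      // characters such as "|" or "&" in the token cannot corrupt the body.
      $.post("/new", { _xsrf: xsrf, key1: "value1" }, function (data) {
        alert("OK");
      });
    }

    document.getElementById("send-post").addEventListener("click", xsrfPost);
  </script>
</body>
</html>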
-
HTTP头X-XSRFToken
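新建一个页面json.html:
<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="utf-8">
  <title>测试XSRF</title>
</head>
<body>
  <!-- An in-page action is a button; the handler is bound in script so the
       page stays compatible with a CSP that forbids inline event handlers. -->
  <button type="button" id="send-post">发送POST请求</button>

  <!-- jQuery comes from a third-party CDN and runs with this page's full
       privileges, which includes reading the _xsrf cookie. Load it over
       HTTPS; for anything beyond a demo, self-host it or add an integrity
       attribute (SRI) together with crossorigin="anonymous". -->
  <script src="https://cdn.bootcss.com/jquery/3.1.1/jquery.min.js"></script>
  <script>
    // Return the value of the cookie called `name`, or undefined when the
    // cookie is not present in document.cookie.
    function getCookie(name) {
      // Cookies are serialized as "name=value", so there must be no space
      // after "="; with a space the pattern never matches and the header
      // would carry the string "undefined".
      var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
      return r ? r[1] : undefined;
    }

    // Send a JSON POST to /new with the XSRF token in the X-XSRFToken
    // request header. A JSON body has no form field for the token, so the
    // header carries it; a cross-site form cannot set custom headers, and a
    // cross-origin script request with one is subject to a CORS preflight.
    function xsrfPost() {
      var xsrf = getCookie("_xsrf");
      if (xsrf === undefined) {
        // NOTE(review): the cookie only exists after the server has issued
        // it and only if it is readable from script (not HttpOnly). Confirm
        // the handler that serves this page sets it.
        alert("_xsrf cookie not found");
        return;
      }
      // The original literal repeated key1, which silently kept only the
      // last value; the second entry is assumed to be key2.
      var data = {
        key1: 1,
        key2: 2
      };
      var json_data = JSON.stringify(data);
      $.ajax({
        url: "/new",
        method: "POST",
        // Declare the body as JSON; jQuery would otherwise label it as
        // form-encoded data.
        contentType: "application/json",
        headers: {
          "X-XSRFToken": xsrf
        },
        data: json_data,
        success: function (data) {
          alert("OK");
        }
      });
    }

    document.getElementById("send-post").addEventListener("click", xsrfPost);
  </script>
</body>
</html>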
Tornado—带XSRF请求