CSRF stands for Cross-Site Request Forgery. After a user has logged in to the target website, the CSRF attacker lures the user into visiting an attack page. That page exploits the trust the target website places in the user and issues a request to the target website that forges an operation by the user, which achieves the attacker's goal.

For example:

Simple version: Suppose Blog Garden has a GET interface for following a user, where the blogUserGuid parameter is obviously the Id of the person, as follows:

So whenever someone opens my blog, they will automatically follow me.

Upgraded version: Suppose Blog Garden still has the follow interface, but has restricted it to accept only POST requests. In that case I make a third-party page that contains form submission code and spread it through social tools such as QQ and email, tempting users to open it. Users who have opened Blog Garden will then fall victim.

Before the example, one iframe problem needs correcting: some people write it directly in the third-party page, as follows:

This is a problem. Due to the same-origin policy, the iframe content cannot be loaded at all, so the form submission will not be executed.

PS: I tried Chrome, IE11, and Firefox, and that's the case.

So you can solve it by nesting multiple pages, as follows:

The first display page (test):
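
How the target site can refuse both variants described above, as an added example that is not from the original post: the follow endpoint rejects state changes via GET, rejects a foreign Origin header, and requires a per-session token. The function names, the origin https://blog.example and the csrf_token field are assumptions made for illustration; only blogUserGuid comes from the text.

```python
import hmac
import secrets

SITE_ORIGIN = "https://blog.example"   # assumed origin of the protected site
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session: dict) -> str:
    """Create a per-session random token; the site embeds it in its own forms."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def check_follow_request(method: str, headers: dict, session: dict, form: dict) -> tuple:
    """Return (allowed, reason) for a request to the hypothetical follow endpoint.

    The session cookie is assumed to be already validated: the browser attaches
    it automatically to forged requests too, so it proves nothing about intent.
    """
    # Simple version: a state change must never be reachable through GET,
    # otherwise merely loading a URL from another page triggers it.
    if method.upper() in SAFE_METHODS:
        return False, "state change not allowed via safe method"

    # Upgraded version: POST-only is not enough, because a form on a
    # third-party page also sends POST. Reject any foreign Origin header.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False, "cross-origin request"

    # Synchronizer token: the third-party page cannot read the token
    # (same-origin policy), so a forged form cannot carry the right value.
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"

    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests; "example-guid" is a placeholder value.
    session = {"user": "alice"}
    token = issue_csrf_token(session)
    target = {"blogUserGuid": "example-guid"}
    print(check_follow_request("GET", {}, session, target))
    print(check_follow_request("POST", {"Origin": "https://third-party.example"}, session, target))
    print(check_follow_request("POST", {"Origin": SITE_ORIGIN}, session, {**target, "csrf_token": token}))
```

The token check is what stops a forged POST when the Origin header is absent; the Origin check alone is a second layer, not a replacement.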