What is CSRF?
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
http://en.wikipedia.org/wiki/Cross-site_request_forgery
Some descriptions are at the bottom of the page:
http://docs.spring.io/autorepo/docs/spring-security/3.2.x/guides/helloworld.html
You can also read (before conclusion):
http://docs.spring.io/autorepo/docs/spring-security/3.2.x/guides/hellomvc.html#security-config-java
For Spring Security, notice that one description says:
"If you were not using Spring MVC taglibs or Thymeleaf, you can access the CsrfToken on the ServletRequest using the attribute _csrf."
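As an added example (not code from the Spring guides), here is a plain servlet that reads the CsrfToken from the _csrf request attribute and writes it into a form by hand. The class name TransferFormServlet, the "transfer" form action and the "amount" field are assumptions made for illustration; it targets the javax.servlet API used with Spring Security 3.2.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.csrf.CsrfToken;

// Hypothetical servlet: class name, form action and field names are illustrative only.
public class TransferFormServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Spring Security exposes the current token as the "_csrf" request attribute.
        CsrfToken csrf = (CsrfToken) request.getAttribute("_csrf");
        if (csrf == null) {
            // The security filter chain did not handle this request or CSRF protection
            // is disabled; do not render a state-changing form without a token.
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "CSRF token unavailable");
            return;
        }

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE html><html><head>");
        // Meta tags let page scripts send the token as a request header on AJAX calls.
        out.printf("<meta name=\"_csrf_header\" content=\"%s\">%n", escape(csrf.getHeaderName()));
        out.printf("<meta name=\"_csrf\" content=\"%s\">%n", escape(csrf.getToken()));
        out.println("</head><body>");
        out.println("<form method=\"post\" action=\"transfer\">");
        // Hidden field: the server compares this value with the token it issued,
        // so a forged cross-site POST that lacks it is rejected.
        out.printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">%n",
                escape(csrf.getParameterName()), escape(csrf.getToken()));
        out.println("<input type=\"text\" name=\"amount\">");
        out.println("<input type=\"submit\" value=\"Transfer\">");
        out.println("</form></body></html>");
    }

    // Minimal HTML attribute escaping for values written into the page.
    private static String escape(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }
}
```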