
What does cross-site request forgery mean?

王林
2020-06-28 17:05:14

Cross-site request forgery, often abbreviated as CSRF or XSRF, is an attack that coerces users into performing unintended actions on a web application they are currently logged in to. CSRF takes advantage of the website's trust in the user's web browser.


Definition

Cross-site request forgery, also known as a one-click attack or session riding and usually abbreviated as CSRF or XSRF, is an attack that coerces users into performing unintended actions on a web application they are currently logged in to.

In contrast to cross-site scripting (XSS), which takes advantage of the user's trust in a particular website, CSRF takes advantage of the website's trust in the user's web browser.

Defense measures:

1. Check the Referer field.

2. Add a verification token.
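
One way to apply both defenses on the server, as an added example that is not part of the original article. The origin `shop.example`, the `csrf_token` field name, and the plain-dict request and session objects are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed (scheme, host, port) of the protected application; constructed value.
TRUSTED_ORIGIN = ("https", "shop.example", None)
# Assumption: these methods never change state in the application.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token(session: dict) -> str:
    """Create a random per-session token to embed in each form as a hidden field."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def referer_is_trusted(referer) -> bool:
    """Defense 1: the Referer must parse to exactly our scheme, host and port."""
    if not referer:
        return False  # missing header: reject rather than guess
    try:
        parts = urlsplit(referer)
        # Compare parsed components; a substring match would accept
        # hosts such as shop.example.evil.test.
        return (parts.scheme, parts.hostname, parts.port) == TRUSTED_ORIGIN
    except ValueError:  # malformed URL or port
        return False


def token_is_valid(session: dict, submitted) -> bool:
    """Defense 2: the submitted token must equal the one stored in the session."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def allow_request(method: str, headers: dict, form: dict, session: dict) -> bool:
    """Allow a state-changing request only when both checks pass."""
    if method.upper() in SAFE_METHODS:
        return True
    return (referer_is_trusted(headers.get("Referer"))
            and token_is_valid(session, form.get("csrf_token")))
```

A forged cross-site form submission fails here twice: the browser sends the attacking page's address as the Referer, and that page cannot read the token stored in the victim's session.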
