Home > Article > Operation and Maintenance > What does cross-site request forgery mean?
Cross-site request forgery, often abbreviated as CSRF or XSRF, is an attack method that coerces users to perform unintentional operations on the currently logged-in web application. CSRF takes advantage of the website's trust in the user's web browser.
Definition
Cross-site request forgery (Cross-site request forgery), also known as one-click attack or session riding, usually Abbreviated as CSRF or XSRF, it is an attack method that coerces users to perform unintentional operations on the currently logged-in web application.
Compared with cross-site scripting (XSS), XSS takes advantage of the user's trust in the specified website, while CSRF takes advantage of the website's trust in the user's web browser.
Defense measures:
1. Check the Referer field.
2. Add verification token.
The above is the detailed content of What does cross-site request forgery mean?. For more information, please follow other related articles on the PHP Chinese website!