The original article also mentioned how to resist cross-site request forgery
过去多啦不再A梦2017-06-14 10:55:58
http://www.cnblogs.com/libin-...
You can refer to this article. The most effective way to prevent xsrf is to add custom attributes in the request header. The attribute value is the token returned by the background (generally stored in the cookie), when the backend server accepts the request from the browser, it will get the token in the request header for comparison.