[英]How to use Symfony CSRF Tokens with React JS
I'm doing a SPA with Symfony and React JS, and my ask is how can I use the Symfony CSRF Token generator with react to avoid CSRF Attacks?我正在使用 Symfony 和 React JS 进行 SPA,我的问题是如何使用 Symfony CSRF 令牌生成器来避免 CSRF 攻击?
If you develop an SPA, then you're also building an API on Symfony side.如果您开发 SPA,那么您也在 Symfony 端构建 API。 (that's usually what people do)
(这通常是人们所做的)
Since CSRF issue is only related to forms and not APIs (because they usually are stateless), then you just do not manage CSRF issue.由于 CSRF 问题仅与 forms 而不是 API 相关(因为它们通常是无状态的),所以您只需不管理 CSRF 问题。 If we usually do not have this problem, keep in mind that you still need to deal with it if you use cookies/sessions .
如果我们通常没有这个问题,请记住,如果您使用 cookie/sessions ,您仍然需要处理它。 If you do so, then I recommand you to read the documentation of the csrf component of Symfony .
如果您这样做,那么我建议您阅读Symfony 的 csrf 组件的文档。
More insights here: https://security.stackexchange.com/questions/166724/should-i-use-csrf-protection-on-rest-api-endpoints更多见解在这里: https://security.stackexchange.com/questions/166724/should-i-use-csrf-protection-on-rest-api-endpoints
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.