My application is fetching the back-end data using Ajax calls 90% of the time. I would need to implement CSRF prevention for all these calls, so I need to pass the tokens with each call. Where do I generate the tokens? On the client side or the server side? If I create the tokens in JavaScript, how do I validate the same in Java? Or is there any better way to do this? I am using Prototype JS for Ajax calls and a Java Struts 1.3 back end.
I tried using the Struts tokens, but it won't work since no forms are associated with the Struts actions.
Please refer to the OWASP CSRF reference. It will clarify all your doubts.
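A sketch of the synchronizer token pattern described in the OWASP CSRF guidance the answer points to, as an added example that is not part of the original question or answer: the token is generated on the server, stored in the session, and compared against a custom header sent with each Ajax call. The class name, the `csrfToken` session key, the `X-CSRF-Token` header name and the use of plain maps in place of the servlet session and request headers are assumptions made so the example runs stand-alone (Java 8 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class CsrfTokenDemo {
    static final String SESSION_KEY = "csrfToken";     // assumed session attribute name
    static final String HEADER_NAME = "X-CSRF-Token";  // assumed request header name
    private static final SecureRandom RNG = new SecureRandom();

    /** Server side: create the token once per session and keep it in the session. */
    static String issueToken(Map<String, Object> session) {
        String token = (String) session.get(SESSION_KEY);
        if (token == null) {
            byte[] raw = new byte[32];                 // 256 bits from a CSPRNG
            RNG.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.put(SESSION_KEY, token);
        }
        return token;
    }

    /** Server side: accept the request only if the header matches the session copy. */
    static boolean isValid(Map<String, Object> session, Map<String, String> headers) {
        String expected = (String) session.get(SESSION_KEY);
        String sent = headers.get(HEADER_NAME);
        if (expected == null || sent == null) {
            return false;                              // no session token or no header: reject
        }
        return MessageDigest.isEqual(                  // comparison that does not exit on first mismatch
                expected.getBytes(StandardCharsets.UTF_8),
                sent.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stand-in for HttpSession (constructed)
        String token = issueToken(session);            // value the page would expose to its own script
        Map<String, String> ok = new HashMap<>();
        ok.put(HEADER_NAME, token);                    // header a same-origin Ajax call would carry
        Map<String, String> missing = new HashMap<>(); // request that arrives without the header
        Map<String, String> wrong = new HashMap<>();
        wrong.put(HEADER_NAME, "guess");               // constructed bad value
        System.out.println("valid header:   " + isValid(session, ok));
        System.out.println("missing header: " + isValid(session, missing));
        System.out.println("wrong header:   " + isValid(session, wrong));
    }
}
```

In a servlet-based application the same check would read `request.getHeader(...)` and `request.getSession(false)` in a filter or a common base action, which does not depend on a form being tied to the action. On the client, Prototype's `Ajax.Request` accepts a `requestHeaders` option for sending the header.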