I have implemented OWASP CSRF Guard into my web application. Clien don't want CSRF token append on browser URL.How to avoid CSRF token in URL.
I want userhome.do to be protected but don't want OWASP-CSRFTOKEN=GRV3-6UN1-OACJ-1NFX-H1HP-OAIH-YSQZ-QXGA in URL.
您可以将csrf令牌保存在会话中,而网址将不再持有csrf令牌
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.