Cross-Site Request Forgery (CSRF)

Below is a small demo that reproduces the attack.

The server (Express; the router is mounted under /test so that the pages below can call http://localhost:3000/test/...):
```javascript
const express = require('express');

const app = express();
const router = express.Router();

let num = 100; // the "balance" the attacker wants to zero out

// Reads the balance. The Referer is logged so you can see where each request
// came from (this is the header the "Referer Check" defense below relies on).
router.get('/getnum', (req, res) => {
  console.log(req.headers.referer);
  const data = {
    message: 'success',
    code: 200,
    data: { balanceAccount: num },
  };
  console.log(num);
  res.json(data);
});

// Deliberately vulnerable: a state-changing action on a GET request with no
// CSRF token, so any <img src> or link pointing here performs the deletion.
router.get('/delete', (req, res) => {
  num = 0;
  const data = { message: 'success', code: 200 };
  console.log(num);
  res.json(data);
});

app.use('/test', router);
app.listen(3000);
```
Page 1 (the legitimate page of the site; it reads the balance with fetch(), so it must be served from the same origin as the API, or the API must send CORS headers, for the request to succeed):
```html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>Document</title>
</head>
<body>
  <div id="parent">
    <p> this is csrf </p>
  </div>
  <button>delete</button>
  <script>
    fetch("http://localhost:3000/test/getnum")
      .then(function (response) {
        if (response.status !== 200) {
          console.log("Something went wrong, status code: " + response.status);
          return;
        }
        // Inspect the response body and show the balance on the page
        response.json().then(function (data) {
          console.log(data);
          document.getElementById('parent').innerHTML += data.data.balanceAccount;
        });
      })
      .catch(function (err) {
        console.log("Fetch error: " + err);
      });
  </script>
</body>
</html>
```
Page 2 (the attacker's page; it can be hosted on any origin):
```html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>Document</title>
</head>
<body>
  <!-- Loading this image makes the victim's browser issue GET /test/delete -->
  <img src="http://localhost:3000/test/delete" alt="">
</body>
</html>
```
Once the user has logged in to the site behind page 1, merely visiting page 2 is enough: to load the `<img>`, the browser sends GET http://localhost:3000/test/delete and automatically attaches any cookies it holds for localhost:3000. The server therefore treats the request as coming from the logged-in user and sets num to 0. Note that page 2 never sees the cookie itself; it only needs the browser to send it along. (The demo server above has no login at all, so the forged request succeeds unconditionally; in a real application it is the session cookie that makes the forged request authorized.)
Prevention:

1. CAPTCHA: require a human interaction before sensitive actions. It stops automated forged requests but hurts usability, so it is usually reserved for high-value operations.
2. Referer check: reject state-changing requests whose Referer (or, better, Origin) header does not point at your own origin. The same check is commonly used as anti-hotlinking protection for images. Caveat: browsers and Referrer-Policy settings may strip the Referer, so a missing header must be handled explicitly and this cannot be the only defense.
3. Token validation: issue a random, per-session CSRF token, embed it in the page, and require it in a header or body field of every state-changing request. The attacker's page cannot read the token because of the same-origin policy, so it cannot forge a valid request.

In addition, never perform state changes on GET (the `<img>` trick can only issue GET requests), and mark the session cookie with the SameSite attribute so the browser does not attach it to cross-site requests.