zoukankan      html  css  js  c++  java
  • Ajax -CSRF

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Title</title>
    </head>
    <body>
        <form action="/login" method="post">
      <!--{% raw xsrf_form_html() %}-->
      <input type="text" name="message"/>
      <input type="submit" value="Post"/>
    </form>
        <input type="button" value="Ajax CSRF" onclick="SubmitCsrf();"/>
        <script src="jquery-3.1.1.js"></script>
    <script>
        function getCookie(name) {
        var r = document.cookie.match("\b" + name + "=([^;]*)\b");
        return r ? r[1] : undefined;
    }
        function SubmitCsrf() {
            var nid = getCookie('_xsrf');
            $.post({
                url:'/csrf',
                data:{'k1':'v1','_xsrf':nid},
                success:function (callback) {
                    console.log(callback);
                }
            })
        }
    </script>
    </body>
    </html>
     1 #!/usr/bin/env python
     2 import tornado.ioloop
     3 import tornado.web
     4 class MainHandler(tornado.web.RequestHandler):
     5     def get(self, *args, **kwargs):
     6         self.render('login.html')
     7     def post(self, *args, **kwargs):
     8         self.render('login.html')
     9 class LoginHandler(tornado.web.RequestHandler):
    10     def get(self, *args, **kwargs):
    11         self.render('login.html')
    12     def post(self, *args, **kwargs):
    13         self.render('login.html')
    14 settings = {
    15     "xsrf_cookies": True,
    16 }
    17 application = tornado.web.Application([
    18     (r"/", MainHandler),
    19     (r"/login", LoginHandler),
    20 ], **settings)
    21 if __name__ == '__main__':
    22     application.listen(8888)
    23     tornado.ioloop.IOLoop.instance().start()
  • 相关阅读:
    Milking Time---poj3616(简单dp)
    elasticsearch-入门(一)
    Spring Cloud Sleuth(十四)
    Spring Cloud Stream(十三)
    Spring Cloud-Bus(十二)
    Spring Cloud-config(十一)
    mac Gitblit安装
    git学习笔记
    java陷阱之spring事物管理导致锁无效
    Spring Cloud-Zuul(十)
  • 原文地址:https://www.cnblogs.com/shiluoliming/p/6561271.html
Copyright © 2011-2022 走看看