
Ajax -CSRF

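<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <!--
      Demo page for Tornado's XSRF protection (server setting "xsrf_cookies").
      Every POST has to carry the token: the plain form sends it as the hidden
      "_xsrf" field, the Ajax button reads it from the "_xsrf" cookie.
    -->
    <form action="/login" method="post">
        <!--
          The template call below emits the hidden "_xsrf" input and makes
          Tornado set the "_xsrf" cookie. It must not sit inside an HTML
          comment: the browser would then never submit the field and the
          server would reject the form POST.
        -->
        {% raw xsrf_form_html() %}
        <input type="text" name="message"/>
        <input type="submit" value="Post"/>
    </form>
    <input type="button" value="Ajax CSRF" onclick="SubmitCsrf();"/>
    <script src="jquery-3.1.1.js"></script>
    <script>
        // Return the value of the cookie called `name`, or undefined when
        // the browser holds no such cookie.
        function getCookie(name) {
            var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
            return r ? r[1] : undefined;
        }

        // POST to /csrf with the XSRF token copied from the "_xsrf" cookie.
        // The cookie has to stay readable by script (not HttpOnly) for this
        // pattern to work.
        function SubmitCsrf() {
            var nid = getCookie("_xsrf");
            if (nid === undefined) {
                // Without the cookie the server would reject the request,
                // so stop here instead of sending a POST with no token.
                console.log("_xsrf cookie is not set");
                return;
            }
            $.post({
                // NOTE(review): the server must register a POST handler for
                // /csrf; a server that routes only "/" and "/login" answers
                // 404 before the token is ever checked.
                url: "/csrf",
                data: {k1: "v1", _xsrf: nid},
                success: function (callback) {
                    console.log(callback);
                }
            });
        }
    </script>
</body>
</html>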
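#!/usr/bin/env python
"""Minimal Tornado app demonstrating XSRF (CSRF) protection for forms and Ajax."""
import tornado.ioloop
import tornado.web


class MainHandler(tornado.web.RequestHandler):
    """Serve the demo page at "/"."""

    def get(self, *args, **kwargs):
        """Render the page; the template's xsrf_form_html() call sets the _xsrf cookie."""
        self.render('login.html')

    def post(self, *args, **kwargs):
        """Re-render the page once Tornado has accepted the request's XSRF token."""
        # With "xsrf_cookies" enabled Tornado validates the token before this
        # method runs, so no explicit check is needed here.
        self.render('login.html')


class LoginHandler(tornado.web.RequestHandler):
    """Serve the demo page at "/login" and receive the form POST."""

    def get(self, *args, **kwargs):
        """Render the page containing the form and the Ajax button."""
        self.render('login.html')

    def post(self, *args, **kwargs):
        """Re-render the page; this demo performs no authentication."""
        self.render('login.html')


class CsrfHandler(tornado.web.RequestHandler):
    """Receive the page's Ajax request (POST /csrf).

    The page's script posts to /csrf, so the route has to exist; without it
    the request ends in 404 and the XSRF check is never exercised.
    """

    def post(self, *args, **kwargs):
        """Answer a request that passed the XSRF check."""
        self.write("ok")


settings = {
    # Reject POST/PUT/DELETE requests that lack a token matching the _xsrf
    # cookie. The cookie is only issued once a token is generated, e.g. by
    # xsrf_form_html() in a template or by reading self.xsrf_token.
    "xsrf_cookies": True,
}

application = tornado.web.Application([
    (r"/", MainHandler),
    (r"/login", LoginHandler),
    (r"/csrf", CsrfHandler),
], **settings)

if __name__ == '__main__':
    # listen(8888) accepts connections on every interface; pass
    # address="127.0.0.1" to keep a demo server local.
    application.listen(8888)
    # IOLoop.instance() is a deprecated alias of IOLoop.current().
    tornado.ioloop.IOLoop.current().start()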

 
