Preventing Cross-Site Request Forgery Attacks
Cross-site request forgery (CSRF) attacks are prevented by ensuring that any request that creates, updates, or deletes data in the application could only have come from a legitimate user following a valid link generated by the application itself, and not from a URL crafted by a third party that the user submitted unwittingly.
The various CSRF prevention techniques include:
The use of a unique token
The use of a challenge-response scheme, such as CAPTCHAs
Checking the HTTP Referer Header
Checking the HTTP Origin Header
Establishing and using best practices when accessing the application
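As an added example, not code from the original article: a small Python request guard that combines the first, third and fourth techniques listed above, a per-session synchronizer token checked in constant time plus an Origin/Referer check that rejects the request when neither header is present. The class and method names and the allowed origin https://app.example are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Only these methods may change state, so only these need the CSRF checks.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


class CsrfGuard:
    """Synchronizer-token plus Origin/Referer check (hypothetical helper)."""

    def __init__(self, allowed_origin: str):
        # Assumed site origin, e.g. "https://app.example" (scheme + host, no path)
        self.allowed_origin = allowed_origin

    def issue_token(self, session: dict) -> str:
        # One random token per session; forms echo it back in a hidden field.
        token = session.get("csrf_token")
        if token is None:
            token = secrets.token_urlsafe(32)
            session["csrf_token"] = token
        return token

    def _origin_ok(self, headers: dict) -> bool:
        # Prefer Origin; fall back to Referer, comparing only scheme and host.
        origin = headers.get("Origin")
        if origin is not None:
            return origin == self.allowed_origin
        referer = headers.get("Referer")
        if referer is not None:
            p = urlparse(referer)
            return f"{p.scheme}://{p.netloc}" == self.allowed_origin
        # Neither header present: the source cannot be verified, so reject.
        return False

    def request_allowed(self, method: str, headers: dict,
                        form: dict, session: dict) -> bool:
        if method.upper() not in STATE_CHANGING:
            return True  # safe methods must not change state, so no token needed
        expected = session.get("csrf_token")
        submitted = form.get("csrf_token")
        if not expected or not submitted:
            return False  # missing token on a state-changing request
        # Constant-time comparison so the token cannot be guessed via timing.
        return hmac.compare_digest(expected, submitted) and self._origin_ok(headers)
```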