<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
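<form action="/login" method="post">
  <!--
    The XSRF tag below must be live markup. Tornado expands template tags even
    inside an HTML comment, so the original wrapping hid the generated hidden
    _xsrf input from the browser. With xsrf_cookies enabled, the POST to /login
    was then rejected with HTTP 403. Rendering the tag also sets the _xsrf
    cookie that the Ajax path reads.
  -->
  {% raw xsrf_form_html() %}
  <label for="message">Message</label>
  <input id="message" name="message" type="text">
  <input type="submit" value="Post">
</form>
<!-- Ajax variant: SubmitCsrf() reads the token from the _xsrf cookie and sends it in the POST body. -->
<input type="button" value="Ajax CSRF" onclick="SubmitCsrf();">
<!--
  Locally served jQuery 3.1.1 is an old 3.x release. Later releases carry
  security fixes, so replace the vendored file with a current one when possible.
-->
<script src="jquery-3.1.1.js"></script>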
<script>
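/**
 * Return the raw value of the cookie called `name`, or undefined when the
 * browser has no such cookie.
 *
 * The name is compared exactly. The previous regex-based lookup concatenated
 * `name` into a pattern, so it could match a different cookie whose name merely
 * ends in `name` after a non-word character (for example "my-_xsrf"), and its
 * trailing word-boundary cut off values ending in characters such as "=".
 * For an anti-forgery token either mistake sends the wrong value.
 *
 * @param {string} name Exact cookie name to look up.
 * @returns {string|undefined} The cookie value as stored (not URL-decoded).
 */
function getCookie(name) {
    var jar = document.cookie ? document.cookie.split(';') : [];
    for (var i = 0; i < jar.length; i++) {
        // Entries are separated by "; ", so drop the leading whitespace.
        var entry = jar[i].replace(/^\s+/, '');
        var eq = entry.indexOf('=');
        if (eq === -1) {
            continue;
        }
        if (entry.substring(0, eq) === name) {
            // Keep everything after the first "=", since values may contain "=".
            return entry.substring(eq + 1);
        }
    }
    return undefined;
}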
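/**
 * Send the demo Ajax POST to /csrf with the XSRF token attached.
 *
 * The token is read from the `_xsrf` cookie and sent as the `_xsrf` form field,
 * which Tornado compares against the cookie when xsrf_cookies is enabled.
 * Tornado also accepts the token in an X-XSRFToken request header.
 *
 * NOTE(review): the Tornado listing on this page registers only "/" and
 * "/login"; confirm that a handler for "/csrf" exists.
 */
function SubmitCsrf() {
    var token = getCookie('_xsrf');
    if (!token) {
        // The cookie is only set once the server has rendered the XSRF tag.
        // Without it the request is certain to be refused, so do not send it.
        console.error('XSRF cookie "_xsrf" is missing; request not sent');
        return;
    }
    $.post({
        url: '/csrf',
        data: {'k1': 'v1', '_xsrf': token},
        success: function (callback) {
            console.log(callback);
        },
        // Report a rejected token (HTTP 403) or a missing route instead of failing silently.
        error: function (xhr) {
            console.error('POST /csrf failed with status ' + xhr.status);
        }
    });
}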
</script>
</body>
</html>
1 #!/usr/bin/env python
2 import tornado.ioloop
3 import tornado.web
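class MainHandler(tornado.web.RequestHandler):
    """Serve the XSRF demo page at "/".

    The listing's gutter numbers and lost indentation are removed here so the
    class is valid Python again; the behaviour is unchanged.
    """

    def get(self, *args, **kwargs):
        """Render login.html.

        Presumably this is the template shown on this page. Its call to
        xsrf_form_html() is what makes Tornado issue the _xsrf cookie.
        """
        self.render('login.html')

    def post(self, *args, **kwargs):
        """Render login.html again after a POST.

        With the xsrf_cookies setting enabled, Tornado checks the _xsrf token
        before this method runs and answers 403 when it is missing or wrong.
        """
        self.render('login.html')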
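class LoginHandler(tornado.web.RequestHandler):
    """Handle "/login", the target of the demo form's POST.

    The listing's gutter numbers and lost indentation are removed here so the
    class is valid Python again; the behaviour is unchanged.
    """

    def get(self, *args, **kwargs):
        """Render login.html."""
        self.render('login.html')

    def post(self, *args, **kwargs):
        """Render login.html after a form POST.

        This is reached only when the request carried a valid _xsrf token,
        because Tornado performs the XSRF check first when xsrf_cookies is on.
        The submitted "message" field is not read here.
        """
        self.render('login.html')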
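# xsrf_cookies makes Tornado require a matching _xsrf token (form field or
# header) on state-changing requests such as POST; requests without it get 403.
settings = {
    "xsrf_cookies": True,
}

# Route table for the demo.
# NOTE(review): the page's Ajax call posts to "/csrf", which has no route in
# this listing; confirm whether a handler was omitted.
application = tornado.web.Application([
    (r"/", MainHandler),
    (r"/login", LoginHandler),
], **settings)

if __name__ == '__main__':
    # listen() without an address binds every interface. For a local demo,
    # consider passing address="127.0.0.1" so it is not reachable from the network.
    application.listen(8888)
    # IOLoop.instance() is a deprecated alias of IOLoop.current().
    tornado.ioloop.IOLoop.current().start()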