CSRF
Cross Site Request Forgery
跨站请求伪造
下面是一个测试的demo
服务端代码如下:
let num = 100;

// Demo "balance" endpoint. The Referer header is only printed here; it is never
// compared against anything, so it provides no CSRF protection on its own.
router.get('/getnum', (req, res) => {
  console.log(req.headers.referer);
  const payload = {
    "message": "success",
    "code": 200,
    "data": {
      "balanceAccount": num,
    },
  };
  console.log(num);
  res.json(payload);
});
// Demo target of the CSRF attack: a GET request that mutates server state.
// Nothing ties this request to the user's intent — no CSRF token, no
// Origin/Referer check, no POST-only restriction — so any page that can make
// the browser issue this GET (see the <img> in page 2) resets the balance.
router.get('/delete', (req, res) => {
  num = 0;
  const payload = {
    "message": "success",
    "code": 200,
  };
  console.log(num);
  res.json(payload);
});
页面1
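<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>Document</title>
</head>
<body>
  <div id="parent">
    <p>
      this is csrf
    </p>
  </div>
  <button>delete</button>
  <!-- Victim page of the demo: loads the balance from the server and displays it. -->
  <script>
    fetch("http://localhost:3000/test/getnum")
      .then(function (response) {
        if (response.status !== 200) {
          console.log("存在一个问题,状态码为:" + response.status);
          return;
        }
        // Inspect the response body. Returning the inner promise lets a JSON
        // parse failure reach the .catch below instead of being unhandled.
        return response.json().then(function (data) {
          console.log(data);
          // Render the value as text, not markup: `innerHTML +=` would parse any
          // markup contained in the response and also re-parse the existing content.
          var balance = document.createTextNode(String(data.data.balanceAccount));
          document.getElementById('parent').appendChild(balance);
        });
      })
      .catch(function (err) {
        console.log("Fetch错误:" + err);
      });
  </script>
</body>
</html>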
页面2
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
</head>
<body>
<!-- Attacker page of the demo. The browser loads this image URL as an ordinary
     GET; because /delete changes state on GET without any CSRF check, merely
     opening this page resets the balance. Whether the victim's cookie is attached
     depends on its SameSite attribute — browsers that default to SameSite=Lax do
     not send it on cross-site subresource loads like this one; confirm in the
     browser used for the demo. -->
<img src="http://localhost:3000/test/delete" alt="" srcset="">
</body>
</html>
当页面1的用户登录后,再去访问页面2,页面2发出的请求会自动附带用户的信任凭证(cookie),从而把服务器上的 num 设置为 0。
防范:
1、验证码
2、Referer Check(校验请求来源),该方法也可用于防盗图(防盗链)
3、添加token验证
