{"id":407,"date":"2025-12-08T23:40:55","date_gmt":"2025-12-08T15:40:55","guid":{"rendered":"https:\/\/weilai-future.top\/?p=407"},"modified":"2026-02-23T16:53:47","modified_gmt":"2026-02-23T08:53:47","slug":"csrf%e5%9c%a8%e6%9c%8d%e5%8a%a1%e5%99%a8%e8%b7%a8%e5%9f%9f%e6%94%bb%e5%87%bb%e7%9a%84%e9%98%b2%e5%be%a1%e5%8e%9f%e7%90%86","status":"publish","type":"post","link":"https:\/\/weilai-future.top\/index.php\/2025\/12\/08\/csrf%e5%9c%a8%e6%9c%8d%e5%8a%a1%e5%99%a8%e8%b7%a8%e5%9f%9f%e6%94%bb%e5%87%bb%e7%9a%84%e9%98%b2%e5%be%a1%e5%8e%9f%e7%90%86\/","title":{"rendered":"CSRF\u5728\u670d\u52a1\u5668\u8de8\u57df\u653b\u51fb\u7684\u9632\u5fa1\u539f\u7406"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">\u4e00\u3001CSRF\u653b\u51fb\u539f\u7406<\/h1>\n\n\n\n<iframe frameborder=\"no\" border=\"0\" marginwidth=\"0\" marginheight=\"0\" width=330 height=86 src=\"\/\/music.163.com\/outchain\/player?type=2&#038;id=2055244250&#038;auto=0&#038;height=66\"><\/iframe>\n\n\n\n<h2 class=\"wp-block-heading wp-container-content-72558541\">\u4ec0\u4e48\u662fCSRF\uff08\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\uff09\uff1f<\/h2>\n\n\n\n<p class=\"wp-container-content-492a994e wp-block-paragraph\">CSRF\u662f\u4e00\u79cd\u8ba9\u7528\u6237\u5728\u4e0d\u77e5\u60c5\u7684\u60c5\u51b5\u4e0b\uff0c\u4ee5\u4ed6\u4eec\u7684\u8eab\u4efd\u6267\u884c\u975e\u672c\u610f\u64cd\u4f5c\u7684\u653b\u51fb\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-516f2167\">\u653b\u51fb\u6d41\u7a0b\u793a\u4f8b\uff1a<\/h3>\n\n\n\n<ol start=\"1\" class=\"wp-block-list 
wp-container-content-492a994e\">\n<li><strong>\u7528\u6237\u767b\u5f55\u94f6\u884c\u7f51\u7ad9<\/strong>&nbsp;<code>bank.com<\/code>\uff0c\u767b\u5f55\u540e\u6d4f\u89c8\u5668\u4fdd\u5b58\u4e86\u4f1a\u8bddcookie<\/li>\n\n\n\n<li><strong>\u7528\u6237\u8bbf\u95ee\u6076\u610f\u7f51\u7ad9<\/strong>&nbsp;<code>evil.com<\/code><\/li>\n\n\n\n<li><strong>\u6076\u610f\u7f51\u7ad9\u5305\u542b\u4e00\u4e2a\u81ea\u52a8\u63d0\u4ea4\u7684\u8868\u5355<\/strong>\uff1a<\/li>\n\n\n\n<li><strong>\u6d4f\u89c8\u5668\u4f1a\u81ea\u52a8\u5e26\u4e0a<code>bank.com<\/code>\u7684cookie\uff0c\u5b8c\u6210\u8f6c\u8d26\u64cd\u4f5c<\/strong><\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>&lt;form action=\"https:\/\/bank.com\/transfer\" method=\"POST\">\n  &lt;input type=\"hidden\" name=\"amount\" 
value=\"10000\">\n  &lt;input type=\"hidden\" name=\"to\" value=\"hacker\">\n&lt;\/form>\n&lt;script>document.forms&#091;0&#093;.submit();&lt;\/script><\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #F8F8F2\">&lt;<\/span><span style=\"color: #F92672\">form<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">action<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;https:\/\/bank.com\/transfer&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">method<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;POST&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">  &lt;<\/span><span style=\"color: #F92672\">input<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">type<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;hidden&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">name<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;amount&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">value<\/span><span 
style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;10000&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">  &lt;<\/span><span style=\"color: #F92672\">input<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">type<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;hidden&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">name<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;to&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">value<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;hacker&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">&lt;\/<\/span><span style=\"color: #F92672\">form<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">&lt;<\/span><span style=\"color: #F92672\">script<\/span><span style=\"color: #F8F8F2\">&gt;document.forms&#091;<\/span><span style=\"color: #AE81FF\">0<\/span><span style=\"color: #F8F8F2\">&#093;.<\/span><span style=\"color: #A6E22E\">submit<\/span><span style=\"color: #F8F8F2\">();&lt;\/<\/span><span style=\"color: #F92672\">script<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">HTML<\/span><\/div>\n\n\n\n<h2 class=\"wp-block-heading wp-container-content-492a994e\"><strong>\u4e8c\u3001CSRF\u4ee4\u724c\u9632\u5fa1\u673a\u5236<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading 
wp-container-content-516f2167\">\u6838\u5fc3\u601d\u60f3\uff1a\u5f15\u5165\u4e00\u4e2a\u653b\u51fb\u8005\u65e0\u6cd5\u83b7\u53d6\u7684&#8221;\u79d8\u5bc6\u4ee4\u724c&#8221;<\/h3>\n\n\n\n<p class=\"wp-container-content-516f2167 wp-block-paragraph\">Flask-WTF\u7684\u5b9e\u73b0\uff1a<\/p>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-492a994e\">1.&nbsp;<strong>\u4ee4\u724c\u751f\u6210<\/strong><\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># Flask-WTF\u5185\u90e8\u4f1a\u4e3a\u6bcf\u4e2a\u4f1a\u8bdd\u751f\u6210\u552f\u4e00\u7684\u4ee4\u724c\ncsrf_token = generate_random_string()  # \u6bd4\u5982\uff1a'abc123xyz'\nsession&#091;'csrf_token'&#093; = csrf_token  # \u5b58\u50a8\u5728\u670d\u52a1\u5668\u7aef\u4f1a\u8bdd\u4e2d<\/textarea><\/pre><svg 
xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #88846F\"># Flask-WTF\u5185\u90e8\u4f1a\u4e3a\u6bcf\u4e2a\u4f1a\u8bdd\u751f\u6210\u552f\u4e00\u7684\u4ee4\u724c<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">csrf_token <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> generate_random_string()  <\/span><span style=\"color: #88846F\"># \u6bd4\u5982\uff1a&#39;abc123xyz&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">session&#091;<\/span><span style=\"color: #E6DB74\">&#39;csrf_token&#39;<\/span><span style=\"color: #F8F8F2\">&#093; <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> csrf_token  <\/span><span style=\"color: #88846F\"># \u5b58\u50a8\u5728\u670d\u52a1\u5668\u7aef\u4f1a\u8bdd\u4e2d<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-492a994e\">2.&nbsp;<strong>\u4ee4\u724c\u5d4c\u5165\u8868\u5355<\/strong><\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" 
data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>&lt;!-- \u5728\u8868\u5355\u4e2d\u5d4c\u5165\u4ee4\u724c -->\n&lt;form method=\"POST\">\n  &lt;input type=\"hidden\" name=\"csrf_token\" value=\"{{ csrf_token() }}\">\n  &lt;!-- csrf_token() \u4f1a\u4ecesession\u4e2d\u53d6\u51fa\u4ee4\u724c -->\n  &lt;input type=\"text\" name=\"amount\">\n&lt;\/form><\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 
2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #88846F\">&lt;!-- \u5728\u8868\u5355\u4e2d\u5d4c\u5165\u4ee4\u724c --&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">&lt;<\/span><span style=\"color: #F92672\">form<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">method<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;POST&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">  &lt;<\/span><span style=\"color: #F92672\">input<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">type<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;hidden&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">name<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;csrf_token&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">value<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;{{ csrf_token() }}&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">  <\/span><span style=\"color: #88846F\">&lt;!-- csrf_token() \u4f1a\u4ecesession\u4e2d\u53d6\u51fa\u4ee4\u724c --&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">  &lt;<\/span><span style=\"color: #F92672\">input<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">type<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;text&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">name<\/span><span style=\"color: 
#F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;amount&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">&lt;\/<\/span><span style=\"color: #F92672\">form<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">HTML<\/span><\/div>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-492a994e\">3.&nbsp;<strong>\u4ee4\u724c\u9a8c\u8bc1\u6d41\u7a0b<\/strong><\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># Flask-WTF\u9a8c\u8bc1\u903b\u8f91\u7b80\u5316\u7248\ndef validate_csrf():\n    # 1. 
\u83b7\u53d6\u8868\u5355\u63d0\u4ea4\u7684\u4ee4\u724c\n    form_token = request.form.get('csrf_token')\n    \n    # 2. \u83b7\u53d6\u670d\u52a1\u5668\u5b58\u50a8\u7684\u4ee4\u724c\n    session_token = session.get('csrf_token')\n    \n    # 3. \u4e25\u683c\u6bd4\u8f83\uff08\u9632\u65f6\u5e8f\u653b\u51fb\uff09\n    if not compare_digest(form_token, session_token):\n        abort(403)  # \u9a8c\u8bc1\u5931\u8d25\n    \n    # 4. \u6bcf\u6b21\u9a8c\u8bc1\u540e\u53ef\u9009\uff1a\u5237\u65b0\u4ee4\u724c\uff08\u9632\u91cd\u590d\u63d0\u4ea4\uff09\n    session&#091;'csrf_token'&#093; = generate_random_string()<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #88846F\"># Flask-WTF\u9a8c\u8bc1\u903b\u8f91\u7b80\u5316\u7248<\/span><\/span>\n<span class=\"line\"><span style=\"color: #66D9EF; font-style: italic\">def<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">validate_csrf<\/span><span style=\"color: #F8F8F2\">():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #88846F\"># 1. 
\u83b7\u53d6\u8868\u5355\u63d0\u4ea4\u7684\u4ee4\u724c<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    form_token <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> request.form.get(<\/span><span style=\"color: #E6DB74\">&#39;csrf_token&#39;<\/span><span style=\"color: #F8F8F2\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #88846F\"># 2. \u83b7\u53d6\u670d\u52a1\u5668\u5b58\u50a8\u7684\u4ee4\u724c<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    session_token <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> session.get(<\/span><span style=\"color: #E6DB74\">&#39;csrf_token&#39;<\/span><span style=\"color: #F8F8F2\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #88846F\"># 3. \u4e25\u683c\u6bd4\u8f83\uff08\u9632\u65f6\u5e8f\u653b\u51fb\uff09<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #F92672\">if<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #F92672\">not<\/span><span style=\"color: #F8F8F2\"> compare_digest(form_token, session_token):<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">        abort(<\/span><span style=\"color: #AE81FF\">403<\/span><span style=\"color: #F8F8F2\">)  <\/span><span style=\"color: #88846F\"># \u9a8c\u8bc1\u5931\u8d25<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #88846F\"># 4. 
\u6bcf\u6b21\u9a8c\u8bc1\u540e\u53ef\u9009\uff1a\u5237\u65b0\u4ee4\u724c\uff08\u9632\u91cd\u590d\u63d0\u4ea4\uff09<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    session&#091;<\/span><span style=\"color: #E6DB74\">&#39;csrf_token&#39;<\/span><span style=\"color: #F8F8F2\">&#093; <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> generate_random_string()<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<h2 class=\"wp-block-heading wp-container-content-492a994e\">\u4e09\u3001\u4e3a\u4ec0\u4e48\u80fd\u9632\u5fa1CSRF\uff1f<\/h2>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-516f2167\">\u5173\u952e\u70b9\u5206\u6790\uff1a<\/h3>\n\n\n\n<h4 class=\"wp-block-heading wp-container-content-516f2167\">1.&nbsp;<strong>\u540c\u6e90\u7b56\u7565\u4fdd\u62a4\u4ee4\u724c<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list wp-container-content-516f2167\">\n<li>\u6076\u610f\u7f51\u7ad9<code>evil.com<\/code><strong>\u65e0\u6cd5\u8bfb\u53d6<\/strong><code>bank.com<\/code>\u9875\u9762\u4e2d\u7684CSRF\u4ee4\u724c<\/li>\n\n\n\n<li>\u6d4f\u89c8\u5668\u540c\u6e90\u7b56\u7565\u7981\u6b62\u8de8\u57df\u8bfb\u53d6\u9875\u9762\u5185\u5bb9<\/li>\n\n\n\n<li>注意：同源策略只阻止<strong>读取<\/strong>，并不阻止<strong>发送<\/strong>——跨站表单照样会连同 cookie 一起提交，所以令牌本身必须不可猜测（用 <code>secrets<\/code> 这类 CSPRNG 生成、长度足够）、与当前会话绑定，并且只放在表单体或请求头里，不要放进 URL（会经 Referer、浏览器历史和日志泄露）；如果 bank.com 自身存在 XSS，脚本可以直接读出令牌，这层防御随之失效。<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading wp-container-content-492a994e\">2.&nbsp;<strong>\u653b\u51fb\u5931\u8d25\u793a\u4f8b<\/strong>\uff1a<\/h4>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 
16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>&lt;!-- evil.com\u7684\u6076\u610f\u9875\u9762 -->\n&lt;form action=\"https:\/\/bank.com\/transfer\" method=\"POST\">\n  &lt;input type=\"hidden\" name=\"amount\" value=\"10000\">\n  &lt;input type=\"hidden\" name=\"to\" value=\"hacker\">\n  &lt;!-- \u653b\u51fb\u8005\u4e0d\u77e5\u9053\u6b63\u786e\u7684csrf_token\u503c\uff01 -->\n  &lt;input type=\"hidden\" name=\"csrf_token\" value=\"????\">\n&lt;\/form>\n&lt;script>document.forms&#091;0&#093;.submit();&lt;\/script><\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre 
class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #88846F\">&lt;!-- evil.com\u7684\u6076\u610f\u9875\u9762 --&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">&lt;<\/span><span style=\"color: #F92672\">form<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">action<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;https:\/\/bank.com\/transfer&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">method<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;POST&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">  &lt;<\/span><span style=\"color: #F92672\">input<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">type<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;hidden&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">name<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;amount&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">value<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;10000&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">  &lt;<\/span><span style=\"color: #F92672\">input<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">type<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;hidden&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">name<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;to&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: 
#A6E22E\">value<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;hacker&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">  <\/span><span style=\"color: #88846F\">&lt;!-- \u653b\u51fb\u8005\u4e0d\u77e5\u9053\u6b63\u786e\u7684csrf_token\u503c\uff01 --&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">  &lt;<\/span><span style=\"color: #F92672\">input<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">type<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;hidden&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">name<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;csrf_token&quot;<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">value<\/span><span style=\"color: #F8F8F2\">=<\/span><span style=\"color: #E6DB74\">&quot;????&quot;<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">&lt;\/<\/span><span style=\"color: #F92672\">form<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">&lt;<\/span><span style=\"color: #F92672\">script<\/span><span style=\"color: #F8F8F2\">&gt;document.forms&#091;<\/span><span style=\"color: #AE81FF\">0<\/span><span style=\"color: #F8F8F2\">&#093;.<\/span><span style=\"color: #A6E22E\">submit<\/span><span style=\"color: #F8F8F2\">();&lt;\/<\/span><span style=\"color: #F92672\">script<\/span><span style=\"color: #F8F8F2\">&gt;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">HTML<\/span><\/div>\n\n\n\n<h4 class=\"wp-block-heading 
wp-container-content-492a994e\">3.&nbsp;<strong>\u53cc\u91cd\u9a8c\u8bc1\u673a\u5236<\/strong>\uff1a<\/h4>\n\n\n\n<ul class=\"wp-block-list wp-container-content-516f2167\">\n<li>\u7b2c\u4e00\u91cd\uff1a\u4f1a\u8bddcookie\uff08\u6d4f\u89c8\u5668\u81ea\u52a8\u53d1\u9001\uff09<\/li>\n\n\n\n<li>\u7b2c\u4e8c\u91cd\uff1aCSRF\u4ee4\u724c\uff08\u5fc5\u987b\u5b58\u5728\u4e8e\u8868\u5355\u6570\u636e\u6216\u8bf7\u6c42\u5934\u4e2d\uff09<\/li>\n\n\n\n<li><strong>\u653b\u51fb\u8005\u53ea\u80fd\u5229\u7528\u6d4f\u89c8\u5668\u81ea\u52a8\u53d1\u9001\u7684\u7b2c\u4e00\u91cd\uff0c\u65e0\u6cd5\u83b7\u53d6\u7b2c\u4e8c\u91cd<\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading wp-container-content-492a994e\">\u56db\u3001Flask-WTF CSRF\u7684\u5b8c\u6574\u914d\u7f6e<\/h2>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>from flask import Flask\nfrom flask_wtf.csrf import 
CSRFProtect\n\napp = Flask(__name__)\napp.config&#091;'SECRET_KEY'&#093; = 'your-secret-key'  # \u5fc5\u987b\u8bbe\u7f6e\uff0c\u7528\u4e8e\u7b7e\u540dsession\napp.config&#091;'WTF_CSRF_SECRET_KEY'&#093; = 'different-secret-key'  # \u53ef\u9009\uff0c\u4e13\u95e8\u7528\u4e8eCSRF\n\ncsrf = CSRFProtect(app)\n\n# AJAX\u8bf7\u6c42\u9700\u8981\u989d\u5916\u5904\u7406\n@app.after_request\ndef set_csrf_cookie(response):\n    if request.path.startswith('\/api\/'):\n        response.set_cookie('X-CSRFToken', csrf_token())\n    return response<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #F92672\">from<\/span><span style=\"color: #F8F8F2\"> flask <\/span><span style=\"color: #F92672\">import<\/span><span style=\"color: #F8F8F2\"> Flask<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F92672\">from<\/span><span style=\"color: #F8F8F2\"> flask_wtf.csrf <\/span><span style=\"color: #F92672\">import<\/span><span style=\"color: #F8F8F2\"> CSRFProtect<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">app <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> Flask(__name__)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">app.config&#091;<\/span><span 
style=\"color: #E6DB74\">&#39;SECRET_KEY&#39;<\/span><span style=\"color: #F8F8F2\">&#093; <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #E6DB74\">&#39;your-secret-key&#39;<\/span><span style=\"color: #F8F8F2\">  <\/span><span style=\"color: #88846F\"># \u5fc5\u987b\u8bbe\u7f6e\uff0c\u7528\u4e8e\u7b7e\u540dsession<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">app.config&#091;<\/span><span style=\"color: #E6DB74\">&#39;WTF_CSRF_SECRET_KEY&#39;<\/span><span style=\"color: #F8F8F2\">&#093; <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #E6DB74\">&#39;different-secret-key&#39;<\/span><span style=\"color: #F8F8F2\">  <\/span><span style=\"color: #88846F\"># \u53ef\u9009\uff0c\u4e13\u95e8\u7528\u4e8eCSRF<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">csrf <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> CSRFProtect(app)<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #88846F\"># AJAX\u8bf7\u6c42\u9700\u8981\u989d\u5916\u5904\u7406<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A6E22E\">@app.after_request<\/span><\/span>\n<span class=\"line\"><span style=\"color: #66D9EF; font-style: italic\">def<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">set_csrf_cookie<\/span><span style=\"color: #F8F8F2\">(<\/span><span style=\"color: #FD971F; font-style: italic\">response<\/span><span style=\"color: #F8F8F2\">):<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #F92672\">if<\/span><span style=\"color: #F8F8F2\"> request.path.startswith(<\/span><span style=\"color: #E6DB74\">&#39;\/api\/&#39;<\/span><span style=\"color: #F8F8F2\">):<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">        
response.set_cookie(<\/span><span style=\"color: #E6DB74\">&#39;X-CSRFToken&#39;<\/span><span style=\"color: #F8F8F2\">, csrf_token())<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #F92672\">return<\/span><span style=\"color: #F8F8F2\"> response<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<h2 class=\"wp-block-heading wp-container-content-492a994e\">\u4e94\u3001AJAX\u8bf7\u6c42\u7684CSRF\u4fdd\u62a4<\/h2>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-492a994e\">1.&nbsp;<strong>\u83b7\u53d6\u4ee4\u724c<\/strong><\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" 
tabindex=\"-1\" aria-hidden=\"true\" readonly>\/\/ \u4ecemeta\u6807\u7b7e\u83b7\u53d6\uff08Flask-WTF\u81ea\u52a8\u751f\u6210\uff09\nvar csrf_token = document.querySelector('meta&#091;name=\"csrf-token\"&#093;').content;\n\n\/\/ \u6216\u4ececookie\u83b7\u53d6\nfunction getCookie(name) {\n    let cookieValue = null;\n    if (document.cookie &amp;&amp; document.cookie !== '') {\n        const cookies = document.cookie.split(';');\n        for (let cookie of cookies) {\n            cookie = cookie.trim();\n            if (cookie.substring(0, name.length + 1) === (name + '=')) {\n                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));\n                break;\n            }\n        }\n    }\n    return cookieValue;\n}<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #88846F\">\/\/ \u4ecemeta\u6807\u7b7e\u83b7\u53d6\uff08Flask-WTF\u81ea\u52a8\u751f\u6210\uff09<\/span><\/span>\n<span class=\"line\"><span style=\"color: #66D9EF; font-style: italic\">var<\/span><span style=\"color: #F8F8F2\"> csrf_token <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> document.<\/span><span style=\"color: #A6E22E\">querySelector<\/span><span style=\"color: #F8F8F2\">(<\/span><span style=\"color: 
#E6DB74\">&#39;meta&#091;name=&quot;csrf-token&quot;&#093;&#39;<\/span><span style=\"color: #F8F8F2\">).content;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #88846F\">\/\/ \u6216\u4ececookie\u83b7\u53d6<\/span><\/span>\n<span class=\"line\"><span style=\"color: #66D9EF; font-style: italic\">function<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">getCookie<\/span><span style=\"color: #F8F8F2\">(<\/span><span style=\"color: #FD971F; font-style: italic\">name<\/span><span style=\"color: #F8F8F2\">) {<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #66D9EF; font-style: italic\">let<\/span><span style=\"color: #F8F8F2\"> cookieValue <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #AE81FF\">null<\/span><span style=\"color: #F8F8F2\">;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #F92672\">if<\/span><span style=\"color: #F8F8F2\"> (document.cookie <\/span><span style=\"color: #F92672\">&amp;&amp;<\/span><span style=\"color: #F8F8F2\"> document.cookie <\/span><span style=\"color: #F92672\">!==<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #E6DB74\">&#39;&#39;<\/span><span style=\"color: #F8F8F2\">) {<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">        <\/span><span style=\"color: #66D9EF; font-style: italic\">const<\/span><span style=\"color: #F8F8F2\"> cookies <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> document.cookie.<\/span><span style=\"color: #A6E22E\">split<\/span><span style=\"color: #F8F8F2\">(<\/span><span style=\"color: #E6DB74\">&#39;;&#39;<\/span><span style=\"color: #F8F8F2\">);<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">        <\/span><span style=\"color: #F92672\">for<\/span><span style=\"color: 
#F8F8F2\"> (<\/span><span style=\"color: #66D9EF; font-style: italic\">let<\/span><span style=\"color: #F8F8F2\"> cookie <\/span><span style=\"color: #F92672\">of<\/span><span style=\"color: #F8F8F2\"> cookies) {<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">            cookie <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> cookie.<\/span><span style=\"color: #A6E22E\">trim<\/span><span style=\"color: #F8F8F2\">();<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">            <\/span><span style=\"color: #F92672\">if<\/span><span style=\"color: #F8F8F2\"> (cookie.<\/span><span style=\"color: #A6E22E\">substring<\/span><span style=\"color: #F8F8F2\">(<\/span><span style=\"color: #AE81FF\">0<\/span><span style=\"color: #F8F8F2\">, name.length <\/span><span style=\"color: #F92672\">+<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #AE81FF\">1<\/span><span style=\"color: #F8F8F2\">) <\/span><span style=\"color: #F92672\">===<\/span><span style=\"color: #F8F8F2\"> (name <\/span><span style=\"color: #F92672\">+<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #E6DB74\">&#39;=&#39;<\/span><span style=\"color: #F8F8F2\">)) {<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">                cookieValue <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">decodeURIComponent<\/span><span style=\"color: #F8F8F2\">(cookie.<\/span><span style=\"color: #A6E22E\">substring<\/span><span style=\"color: #F8F8F2\">(name.length <\/span><span style=\"color: #F92672\">+<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #AE81FF\">1<\/span><span style=\"color: #F8F8F2\">));<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">                <\/span><span style=\"color: #F92672\">break<\/span><span style=\"color: #F8F8F2\">;<\/span><\/span>\n<span 
class=\"line\"><span style=\"color: #F8F8F2\">            }<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">        }<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    }<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #F92672\">return<\/span><span style=\"color: #F8F8F2\"> cookieValue;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">}<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">JavaScript<\/span><\/div>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-492a994e\">2.&nbsp;<strong>\u53d1\u9001AJAX\u8bf7\u6c42<\/strong><\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea 
class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\/\/ \u65b9\u6cd51\uff1a\u653e\u5728\u8bf7\u6c42\u5934\u4e2d\nfetch('\/api\/transfer', {\n    method: 'POST',\n    headers: {\n        'X-CSRFToken': csrf_token,\n        'Content-Type': 'application\/json'\n    },\n    body: JSON.stringify(data)\n});\n\n\/\/ \u65b9\u6cd52\uff1a\u653e\u5728\u8bf7\u6c42\u4f53\u4e2d\uff08\u8868\u5355\u683c\u5f0f\uff09\nconst formData = new FormData();\nformData.append('csrf_token', csrf_token);\nformData.append('amount', 100);<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #88846F\">\/\/ \u65b9\u6cd51\uff1a\u653e\u5728\u8bf7\u6c42\u5934\u4e2d<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A6E22E\">fetch<\/span><span style=\"color: #F8F8F2\">(<\/span><span style=\"color: #E6DB74\">&#39;\/api\/transfer&#39;<\/span><span style=\"color: #F8F8F2\">, {<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    method: <\/span><span style=\"color: #E6DB74\">&#39;POST&#39;<\/span><span style=\"color: #F8F8F2\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    headers: {<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">        <\/span><span style=\"color: 
#E6DB74\">&#39;X-CSRFToken&#39;<\/span><span style=\"color: #F8F8F2\">: csrf_token,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">        <\/span><span style=\"color: #E6DB74\">&#39;Content-Type&#39;<\/span><span style=\"color: #F8F8F2\">: <\/span><span style=\"color: #E6DB74\">&#39;application\/json&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    },<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    body: JSON.<\/span><span style=\"color: #A6E22E\">stringify<\/span><span style=\"color: #F8F8F2\">(data)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">});<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #88846F\">\/\/ \u65b9\u6cd52\uff1a\u653e\u5728\u8bf7\u6c42\u4f53\u4e2d\uff08\u8868\u5355\u683c\u5f0f\uff09<\/span><\/span>\n<span class=\"line\"><span style=\"color: #66D9EF; font-style: italic\">const<\/span><span style=\"color: #F8F8F2\"> formData <\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #F92672\">new<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">FormData<\/span><span style=\"color: #F8F8F2\">();<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">formData.<\/span><span style=\"color: #A6E22E\">append<\/span><span style=\"color: #F8F8F2\">(<\/span><span style=\"color: #E6DB74\">&#39;csrf_token&#39;<\/span><span style=\"color: #F8F8F2\">, csrf_token);<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">formData.<\/span><span style=\"color: #A6E22E\">append<\/span><span style=\"color: #F8F8F2\">(<\/span><span style=\"color: #E6DB74\">&#39;amount&#39;<\/span><span style=\"color: #F8F8F2\">, <\/span><span style=\"color: #AE81FF\">100<\/span><span style=\"color: #F8F8F2\">);<\/span><\/span><\/code><\/pre><span 
style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">JavaScript<\/span><\/div>\n\n\n\n<h2 class=\"wp-block-heading wp-container-content-492a994e\">\u516d\u3001\u5b9e\u8df5\u548c\u6ce8\u610f\u4e8b\u9879<\/h2>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-492a994e\">1.&nbsp;<strong>\u5b89\u5168\u914d\u7f6e<\/strong><\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># \u751f\u4ea7\u73af\u5883\u914d\u7f6e\napp.config.update(\n    WTF_CSRF_SSL_STRICT=True,      # \u68c0\u67e5Referer\u5934\n    WTF_CSRF_TIME_LIMIT=3600,       # \u4ee4\u724c\u6709\u6548\u671f\n    WTF_CSRF_HEADERS=&#091;'X-CSRFToken', 'X-XSRF-Token'&#093;  # 
\u63a5\u53d7\u7684\u8bf7\u6c42\u5934\n)<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #88846F\"># \u751f\u4ea7\u73af\u5883\u914d\u7f6e<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">app.config.update(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #FD971F; font-style: italic\">WTF_CSRF_SSL_STRICT<\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #AE81FF\">True<\/span><span style=\"color: #F8F8F2\">,      <\/span><span style=\"color: #88846F\"># \u68c0\u67e5Referer\u5934<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #FD971F; font-style: italic\">WTF_CSRF_TIME_LIMIT<\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #AE81FF\">3600<\/span><span style=\"color: #F8F8F2\">,       <\/span><span style=\"color: #88846F\"># \u4ee4\u724c\u6709\u6548\u671f<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #FD971F; font-style: italic\">WTF_CSRF_HEADERS<\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\">&#091;<\/span><span style=\"color: #E6DB74\">&#39;X-CSRFToken&#39;<\/span><span style=\"color: #F8F8F2\">, <\/span><span 
style=\"color: #E6DB74\">&#39;X-XSRF-Token&#39;<\/span><span style=\"color: #F8F8F2\">&#093;  <\/span><span style=\"color: #88846F\"># \u63a5\u53d7\u7684\u8bf7\u6c42\u5934<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">)<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-492a994e\">2.&nbsp;<strong>\u9700\u8981\u8c41\u514dCSRF\u7684\u60c5\u51b5<\/strong><\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:1rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#272822\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#F8F8F2;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>@csrf.exempt\n@app.route('\/webhook', methods=&#091;'POST'&#093;)\ndef 
webhook():\n    # \u7b2c\u4e09\u65b9webhook\u901a\u5e38\u9700\u8981\u8c41\u514d\n    pass<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki monokai\" style=\"background-color: #272822\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #A6E22E\">@csrf.exempt<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A6E22E\">@app.route<\/span><span style=\"color: #F8F8F2\">(<\/span><span style=\"color: #E6DB74\">&#39;\/webhook&#39;<\/span><span style=\"color: #F8F8F2\">, <\/span><span style=\"color: #FD971F; font-style: italic\">methods<\/span><span style=\"color: #F92672\">=<\/span><span style=\"color: #F8F8F2\">&#091;<\/span><span style=\"color: #E6DB74\">&#39;POST&#39;<\/span><span style=\"color: #F8F8F2\">&#093;)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #66D9EF; font-style: italic\">def<\/span><span style=\"color: #F8F8F2\"> <\/span><span style=\"color: #A6E22E\">webhook<\/span><span style=\"color: #F8F8F2\">():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #88846F\"># \u7b2c\u4e09\u65b9webhook\u901a\u5e38\u9700\u8981\u8c41\u514d<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F8F8F2\">    <\/span><span style=\"color: #F92672\">pass<\/span><\/span><\/code><\/pre><span 
style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#272822;color:#efefe1;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<h3 class=\"wp-block-heading wp-container-content-492a994e\">3.&nbsp;<strong>\u5e38\u89c1\u95ee\u9898<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list wp-container-content-516f2167\">\n<li><strong>\u4ee4\u724c\u5237\u65b0<\/strong>\uff1a\u6bcf\u6b21\u9a8c\u8bc1\u540e\u5237\u65b0\u4ee4\u724c\u53ef\u9632\u91cd\u590d\u63d0\u4ea4\u653b\u51fb<\/li>\n\n\n\n<li><strong>\u591a\u4e2a\u6807\u7b7e\u9875<\/strong>\uff1aFlask-WTF\u9ed8\u8ba4\u652f\u6301\u591a\u6807\u7b7e\u9875\u64cd\u4f5c<\/li>\n\n\n\n<li><strong>API\u8bbe\u8ba1<\/strong>\uff1a\u7eafAPI\u670d\u52a1\u5e94\u8003\u8651\u4f7f\u7528JWT\u7b49\u4e0d\u7531\u6d4f\u89c8\u5668\u81ea\u52a8\u53d1\u9001\u51ed\u8bc1\u7684\u8ba4\u8bc1\u65b9\u5f0f<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading wp-container-content-516f2167\">\u603b\u7ed3<\/h2>\n\n\n\n<p class=\"wp-container-content-516f2167 wp-block-paragraph\">Flask-WTF\u7684CSRF\u4fdd\u62a4\u901a\u8fc7&#8220;\u4f1a\u8bdd\u7ed1\u5b9a\u4ee4\u724c&#8221;\u673a\u5236\uff0c\u786e\u4fdd\uff1a<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list wp-container-content-516f2167\">\n<li><strong>\u6bcf\u4e2a\u4f1a\u8bdd\u6709\u552f\u4e00\u4ee4\u724c<\/strong>\uff0c\u653b\u51fb\u8005\u65e0\u6cd5\u731c\u6d4b<\/li>\n\n\n\n<li><strong>\u4ee4\u724c\u5fc5\u987b\u968f\u8868\u5355\u6216\u8bf7\u6c42\u5934\u63d0\u4ea4<\/strong>\uff0c\u653b\u51fb\u8005\u65e0\u6cd5\u83b7\u53d6<\/li>\n\n\n\n<li><strong>\u53cc\u91cd\u9a8c\u8bc1\u673a\u5236<\/strong>\uff1a\u4f1a\u8bddcookie + CSRF\u4ee4\u724c<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-container-content-516f2167 
wp-block-paragraph\">\u8fd9\u79cd\u8bbe\u8ba1\u9488\u5bf9\u6027\u5730\u89e3\u51b3\u4e86CSRF\u653b\u51fb\u7684\u6838\u5fc3\u95ee\u9898\uff1a<strong>\u653b\u51fb\u8005\u53ef\u4ee5\u4f2a\u9020\u8bf7\u6c42\uff0c\u4f46\u65e0\u6cd5\u4f2a\u9020\u4ee4\u724c<\/strong>\u3002\u53ea\u8981\u9075\u5faa\u6b63\u786e\u7684\u914d\u7f6e\uff0c\u5e76\u4e3a\u8c41\u514dCSRF\u6821\u9a8c\u7684\u7aef\u70b9\uff08\u5982webhook\uff09\u53e6\u884c\u9a8c\u8bc1\u6765\u6e90\uff0c\u5c31\u80fd\u6709\u6548\u4fdd\u62a4Web\u5e94\u7528\u514d\u53d7\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u653b\u51fb\u3002<\/p>\n\n\n\n<details class=\"wp-block-details alignwide is-layout-flow wp-block-details-is-layout-flow\"><summary><em>Think First<\/em><\/summary>\n<p class=\"wp-block-paragraph\"><em>Thanks for watching<\/em><\/p>\n<\/details>\n\n\n\n<div class=\"wp-block-group alignwide is-layout-grid wp-container-core-group-is-layout-e39da43a wp-block-group-is-layout-grid\"><div class=\"random-quote span-3-columns\" style=\"padding: 30px; margin: 20px 0; background: #f8f9fa; border-left: 4px solid #0073aa; border-radius: 8px; grid-column: span 3; min-height: 200px; display: flex; flex-direction: column; justify-content: center;\"><p style=\"margin: 0 0 20px 0; font-size: 18px; line-height: 1.6; color: #2c3e50; font-style: italic; font-family: 'Georgia', serif;\">Happiness: a good bank account, a good cook, and a good digestion.<\/p><p style=\"margin: 0 0 25px 0; font-size: 16px; line-height: 1.6; color: #34495e; border-left: 2px solid #bdc3c7; padding-left: 15px;\">\u5e78\u798f\uff1a\u4e00\u4e2a\u597d\u7684\u94f6\u884c\u8d26\u6237\uff0c\u4e00\u4f4d\u597d\u53a8\u5e08\uff0c\u548c\u4e00\u526f\u597d\u6d88\u5316\u7cfb\u7edf\u3002<\/p><div style=\"text-align: right; font-size: 14px; color: #7f8c8d; font-weight: bold; border-top: 1px solid #ecf0f1; padding-top: 10px;\">\u2014\u2014 \u5362\u68ad<\/div><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u4e00\u3001CSRF\u653b\u51fb\u539f\u7406 \u4ec0\u4e48\u662fCSRF\uff08\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\uff09\uff1f 
CSRF\u662f\u4e00\u79cd\u8ba9\u7528\u6237\u5728\u4e0d\u77e5\u60c5\u7684\u60c5\u51b5\u4e0b\uff0c\u4ee5\u4ed6\u4eec\u7684\u8eab\u4efd\u6267\u884c [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"class_list":["post-407","post","type-post","status-publish","format-standard","hentry","category-data_base"],"_links":{"self":[{"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/posts\/407","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/comments?post=407"}],"version-history":[{"count":7,"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/posts\/407\/revisions"}],"predecessor-version":[{"id":519,"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/posts\/407\/revisions\/519"}],"wp:attachment":[{"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/media?parent=407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/categories?post=407"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/weilai-future.top\/index.php\/wp-json\/wp\/v2\/tags?post=407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}