Anti-forgery token in Ajax calls
Problem description
Hello,
I did a Fortify code analysis on an existing MVC application, and Fortify recommends that I implement an anti-forgery token in all HTTP POST calls, as below.
var token = $('input[name="__RequestVerificationToken"]').val();
var headers = {};
headers['__RequestVerificationToken'] = token;
$.ajax({
    url: ... some url,
    headers: headers,
    ....
});
Adding __RequestVerificationToken to all Ajax calls across the application can be challenging.
Please help me understand ways to implement an anti-forgery token without modifying all Ajax calls in an existing application.
Recommended answer
Would you read this article? It seems to be pretty clear: http://blogs.perficient.com/microsoft/2014/02/asp-net-mvc-anti-forgery-token-demystified-part-1-what-is-it
(See other parts referenced from this page.)
Sorry if you already know all that; if so, please explain your concern more clearly.
—SA
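
One way to do what the question asks, shown as an added example (not part of the original question or answer): a single jQuery `$.ajaxPrefilter` hook that sets the `__RequestVerificationToken` header on every state-changing, same-origin request, so existing `$.ajax` calls stay unchanged. The helper names `makeAntiForgeryPrefilter` and `isSameOrigin` are hypothetical, and the example assumes the server validates the token from this request header.

```javascript
// Added example: attach the anti-forgery token to all unsafe, same-origin
// jQuery Ajax requests from one place instead of editing every $.ajax call.

var TOKEN_NAME = '__RequestVerificationToken';    // field/header name used on the page
var SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i;  // read-only methods need no token

// True when `url` targets the same origin as `pageUrl`. Relative URLs are
// resolved against `pageUrl`; anything unparseable is treated as foreign.
function isSameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false;
  }
}

// Returns a handler with the $.ajaxPrefilter signature
// (options, originalOptions, jqXHR).
//   getToken:   returns the current token string, or undefined if absent
//   getPageUrl: returns the URL of the current page
function makeAntiForgeryPrefilter(getToken, getPageUrl) {
  return function (options, originalOptions, jqXHR) {
    var method = options.type || options.method || 'GET';
    if (SAFE_METHODS.test(method)) { return; }
    // Never send the token to another origin: that would disclose the
    // secret the CSRF defence depends on.
    if (options.crossDomain || !isSameOrigin(options.url, getPageUrl())) {
      return;
    }
    var token = getToken();
    if (token) { jqXHR.setRequestHeader(TOKEN_NAME, token); }
  };
}

// Browser wiring: runs only where jQuery is loaded. The token is read at
// request time, so a re-rendered form with a fresh token is picked up.
if (typeof jQuery !== 'undefined') {
  jQuery.ajaxPrefilter(makeAntiForgeryPrefilter(
    function () { return jQuery('input[name="' + TOKEN_NAME + '"]').val(); },
    function () { return window.location.href; }
  ));
}
```

Load the script once after jQuery on pages that render the token input; calls that already pass the header through `headers` keep working, because jQuery applies per-call headers after prefilters run.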