Yesod 1.2 CSRF protection

Problem description

I'm confused about Yesod's CSRF protection, and how Yesod's forms work in general. It's my understanding that Yesod's form system uses a "token" which is passed into the HTML realization of the form as a hidden field. When the form is processed, the token is compared to one stored (or at least recreated) on the server. I'd like to track that down, because the CSRF protection is being triggered spuriously in my development environment, and I'd like to change my environment so the forms work the same in development as in production.

So what does Yesod's CSRF token "depend on"?

Recommended answer

The token is stored in the user session. You can get access to it via:

fmap reqToken getRequest
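
A development-only diagnostic built around the call in the answer, as an added example that is not part of the original question or answer. The route `/debug/csrf`, the handler names, the session key `"_TOKEN"` and the hidden field name `"_token"` are assumptions about a Yesod 1.2 application using the default client-side session backend.

```haskell
{-# LANGUAGE OverloadedStrings, QuasiQuotes, TemplateHaskell, TypeFamilies #-}
-- Added example: minimal Yesod app with one diagnostic route.
-- Development use only: it echoes the CSRF token back to the client.
import           Data.Text (Text)
import           Yesod

data App = App

mkYesod "App" [parseRoutes|
/debug/csrf DebugCsrfR GET POST
|]

instance Yesod App  -- default session backend (session kept in a cookie)

-- GET: show the token attached to this request and what the session holds.
getDebugCsrfR :: Handler Value
getDebugCsrfR = do
    mtoken  <- fmap reqToken getRequest   -- Maybe Text, as in the answer
    mstored <- lookupSession "_TOKEN"     -- assumed session key name
    return $ object
        [ "reqToken"       .= mtoken
        , "sessionStored"  .= mstored
        ]

-- POST: compare the submitted hidden field with the session token and
-- say which side is missing, instead of a bare CSRF failure.
postDebugCsrfR :: Handler Value
postDebugCsrfR = do
    mtoken    <- fmap reqToken getRequest
    submitted <- lookupPostParam "_token" -- assumed hidden field name
    return $ object [ "verdict" .= verdict mtoken submitted ]

-- Plain equality is fine for a diagnostic; it is not a constant-time check.
verdict :: Maybe Text -> Maybe Text -> Text
verdict Nothing  _       = "no token available for this session"
verdict _        Nothing = "form did not submit a token"
verdict (Just t) (Just s)
    | t == s    = "match"
    | otherwise = "mismatch: form token differs from session token"

main :: IO ()
main = warp 3000 App
```

Because the token lives in the session, a `reqToken` value that differs between two consecutive GET requests from the same browser means the session is not being carried from one request to the next.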
